saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.17.so[b7160000+1ad000]
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus-sasl2 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Saucy |
Fix Released
|
High
|
Unassigned |
Bug Description
The mail server (raring 13.04 headless) is getting a dictionary attack and saslauthd is crashing with fault in libc
thus;
/var/log/auth.log
Jun 3 11:27:41 ubuntu saslauthd[26789]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [$
Jun 3 11:27:44 ubuntu saslauthd[26790]: do_auth : auth failure: [user=test] [service=smtp] [realm=] [m$
Jun 3 11:27:48 ubuntu saslauthd[26793]: do_auth : auth failure: [user=www] [service=smtp] [realm=] [me$
Jun 3 11:27:51 ubuntu saslauthd[26789]: do_auth : auth failure: [user=testuser] [service=smtp] [realm=$
Jun 3 11:27:54 ubuntu saslauthd[26790]: do_auth : auth failure: [user=webadmin] [service=smtp] [realm=$
/var/log/mail.log
Jun 3 11:27:41 ubuntu postfix/
Jun 3 11:27:42 ubuntu postfix/
Jun 3 11:27:44 ubuntu postfix/
Jun 3 11:27:45 ubuntu postfix/
Jun 3 11:27:48 ubuntu postfix/
Jun 3 11:27:49 ubuntu postfix/
Jun 3 11:27:51 ubuntu postfix/
Jun 3 11:27:52 ubuntu postfix/
Jun 3 11:27:54 ubuntu postfix/
After a time saslauthd service dies, this is from dmesg
[775847.232115] saslauthd[26791]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.
[775856.870264] saslauthd[26790]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.
[775876.100629] saslauthd[26789]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.
[775882.604389] saslauthd[26793]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.
[775915.757471] saslauthd[26792]: segfault at 0 ip b71de6f1 sp bfcd2d9c error 4 in libc-2.
uname
Linux ubuntu 3.8.0-22-generic #33-Ubuntu SMP Thu May 16 15:17:59 UTC 2013 i686 i686 i686 GNU/Linux
Related branches
CVE References
affects: | apport (Ubuntu) → cyrus-sasl2 (Ubuntu) |
Changed in cyrus-sasl2 (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
information type: | Public → Public Security |
....if anyone else is suffering this I installed fail2ban as a workaround, the attacker's IP gets banned before SASL falls over.