sshd causes segfault in libc if too many IP addresses on interface
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| openssh (Ubuntu) | New | Low | Unassigned | |
Bug Description
sshd causes a segfault in libc during a new user connection if too many IP addresses are assigned to any interface.
If any network interface in the system has too many addresses on it, sshd causes a segfault at every new login:
sshd[28944]: segfault at 7fff2d3b6ff0 ip 00007fa8f7ac7ee8 sp 00007fff2d3b6ff0 error 6 in libc-2.
Script to configure addresses:
#!/bin/bash
ip tuntap add mode tun dev ssh_down
for a in `seq 1 4`; do
    for b in `seq 1 254`; do
        for c in `seq 1 254`; do
            # The command that adds each address to ssh_down is missing from this copy of the report.
            :
        done
    done
done
It is going to take some time to generate enough addresses (in my case it was about 20 minutes). Somewhere during that time new ssh connections start to fail.
In my tests the critical point was somewhere near 10.3.200.x (3*253*253=~200k addresses).
Reproducibility: always
Security scope: This bug allows a user with netadmin privileges to completely disable new logins to the server via ssh.
Steps to reproduce:
1. Run script
2. Wait until it is done
3. Try to log in to that server.
Expected behavior: successful login
Actual behavior:
ssh_exchange_
+
[ 622.730506] sshd[32556]: segfault at 7fff3568ffd0 ip 00007f5d1dda7ee8 sp 00007fff3568ffd0 error 6 in libc-2.
in dmesg.
Existing ssh connections are not affected.
Ubuntu version:
Description: Ubuntu 12.04.3 LTS
Release: 12.04
ssh version:
openssh-client 1:5.9p1-5ubuntu1.1
openssh-server 1:5.9p1-5ubuntu1.1
ssh 1:5.9p1-5ubuntu1.1
libc version:
libc-bin 2.15-0ubuntu10.5
libc-dev-bin 2.15-0ubuntu10.5
libc6 2.15-0ubuntu10.5
libc6-dev 2.15-0ubuntu10.5
Kernel version:
linux-image-
information type: | Private Security → Public Security |
affects: | ubuntu → openssh (Ubuntu) |
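Added example (not part of the original report): a small parser for the kernel segfault lines quoted in the description that decodes the x86 page-fault error code and flags sshd faults whose address sits at the stack pointer. The function names, the 4096-byte window and the third sample line are assumptions made for this example; the stack-exhaustion reading is a triage heuristic, not a root cause stated in the report.

```python
import re

# Kernel "segfault at" line in the format quoted in the report.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>\S+))?"
)

# Heuristic (assumption): a fault this close to sp is treated as a stack access.
STACK_WINDOW = 4096

def decode_segfault(line):
    """Parse one kernel segfault line; return a dict, or None if it does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, sp, err = int(m["addr"], 16), int(m["sp"], 16), int(m["err"], 16)
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "module": m["module"],
        # x86 page-fault error code bits: 0 = page present, 1 = write, 2 = user mode.
        "page_present": bool(err & 1),
        "write": bool(err & 2),
        "user_mode": bool(err & 4),
    }
    # A write to a not-present page at or next to sp is the usual sign of a stack past its limit.
    info["likely_stack_exhaustion"] = (
        info["write"] and not info["page_present"] and abs(addr - sp) <= STACK_WINDOW
    )
    return info

def sshd_stack_faults(lines):
    """Return PIDs of sshd processes whose fault looks like stack exhaustion."""
    decoded = filter(None, map(decode_segfault, lines))
    return [d["pid"] for d in decoded
            if d["comm"] == "sshd" and d["likely_stack_exhaustion"]]

SAMPLE = [
    # The two lines quoted in the report (truncated there after "libc-2.").
    "sshd[28944]: segfault at 7fff2d3b6ff0 ip 00007fa8f7ac7ee8 sp 00007fff2d3b6ff0 error 6 in libc-2.",
    "[ 622.730506] sshd[32556]: segfault at 7fff3568ffd0 ip 00007f5d1dda7ee8 sp 00007fff3568ffd0 error 6 in libc-2.",
    # Constructed contrast: user-mode read of a near-NULL address (error 4).
    "[ 700.000001] demo[4242]: segfault at 8 ip 0000000000400123 sp 00007ffc00001000 error 4 in demo",
]
```

Both lines from the report decode as user-mode writes to a not-present page at exactly sp, so a log monitor built on `sshd_stack_faults` would flag them while ignoring the constructed read fault.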
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1268719/+editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]