[Bug 1268719] Re: sshd cause segfault in libc if too many IP addresses on interface

Robie Basak 1268719 at bugs.launchpad.net
Mon Jan 20 12:30:22 UTC 2014


Thank you for taking the time to report this bug and helping to make
Ubuntu better.

Setting this to Importance: Low; justification: "Bugs that affect
unusual end-user configurations".

I suggest that you check to see if Debian or upstream directly (compiled
from upstream source without packaging) are affected and report this bug
in those places if they are affected.

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1268719

Title:
  sshd cause segfault in libc if too many IP addresses on interface

Status in “openssh” package in Ubuntu:
  New

Bug description:
  sshd causes a segfault in libc during a new user connection if too many IP
  addresses are assigned to any interface

  If any network interface in the system has too many addresses on it, at
  every new login sshd causes a segfault:

  sshd[28944]: segfault at 7fff2d3b6ff0 ip 00007fa8f7ac7ee8 sp
  00007fff2d3b6ff0 error 6 in libc-2.15.so[7fa8f79ae000+1b5000]

  Script to configure addresses:

  
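  #!/bin/bash
  # Create a TUN device to hold the test addresses
  ip tuntap add mode tun dev ssh_down
  for a in $(seq 1 4); do
          for b in $(seq 1 254); do
                  # Log progress with a timestamp (%m = month, %M = minute)
                  echo "10.$a.$b.x " "$(date '+%Y-%m-%d %H:%M:%S %s')" | tee -a log
                  for c in $(seq 1 254); do
                          ip a a 10.$a.$b.$c/8 dev ssh_down
                  done
          done
  done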

  It is going to take some time to generate enough addresses (in my case it
  was about 20 minutes). Somewhere during that time new ssh connections
  start to fail.

  In my tests the critical point was somewhere near 10.3.200.x
  (3*253*253=~200k addresses).

  Reproducibility: always

  Security scope: This bug allows a user with netadmin privileges to
  completely disable new logins to the server via ssh.

  Steps to reproduce:

  1. Run the script
  2. Wait until it is done
  3. Try to log in to that server.

  Expected behavior: successful login
  Actual behavior: 
  ssh_exchange_identification: read: Connection reset by peer
  + 
  [  622.730506] sshd[32556]: segfault at 7fff3568ffd0 ip 00007f5d1dda7ee8 sp 00007fff3568ffd0 error 6 in libc-2.15.so[7f5d1dc8e000+1b5000]
  in dmesg.

  Existing ssh connections are not affected.

  Ubuntu version:
  Description:	Ubuntu 12.04.3 LTS
  Release:	12.04

  
  ssh version:
  openssh-client                  1:5.9p1-5ubuntu1.1
  openssh-server                  1:5.9p1-5ubuntu1.1
  ssh                             1:5.9p1-5ubuntu1.1

  libc version:
  libc-bin                        2.15-0ubuntu10.5 
  libc-dev-bin                    2.15-0ubuntu10.5
  libc6                           2.15-0ubuntu10.5
  libc6-dev                       2.15-0ubuntu10.5

  Kernel version:
  linux-image-3.2.0-58-generic    3.2.0-58.88

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1268719/+subscriptions
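
A monitoring check for the condition in the report above, as an added example that is not part of the original message or of any Ubuntu or OpenSSH tooling. It flags interfaces carrying an unusually large number of addresses and counts sshd segfaults in libc in kernel log lines; the function names and the alert threshold of 1000 are assumptions, and the `ip` sample is constructed.

```bash
#!/bin/bash
# Added example: two checks for the condition described in the bug report.

# Hypothetical alert threshold (an assumption, not a value from the report).
ADDR_ALERT_THRESHOLD="${ADDR_ALERT_THRESHOLD:-1000}"

# Reads `ip -o addr show` output on stdin and prints "<iface> <count>" for
# each interface with at least <threshold> inet/inet6 addresses.
flag_crowded_ifaces() {
    local threshold="${1:-$ADDR_ALERT_THRESHOLD}"
    awk -v t="$threshold" '
        $3 == "inet" || $3 == "inet6" { n[$2]++ }
        END { for (i in n) if (n[i] >= t) print i, n[i] }
    ' | sort
}

# Reads kernel log lines on stdin and prints how many are sshd segfaults
# inside libc, the symptom quoted in the report.
count_sshd_libc_segfaults() {
    grep -Ec 'sshd\[[0-9]+\]: segfault at .* in libc-' || true
}

# Constructed `ip -o addr show` sample (not captured from a real host).
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: ssh_down    inet 10.1.1.1/8 scope global ssh_down\       valid_lft forever preferred_lft forever
3: ssh_down    inet 10.1.1.2/8 scope global secondary ssh_down\       valid_lft forever preferred_lft forever
3: ssh_down    inet 10.1.1.3/8 scope global secondary ssh_down\       valid_lft forever preferred_lft forever
EOF
}

# Kernel log sample: the second line is the dmesg line quoted in the report,
# the first is a constructed unrelated line.
sample_kernel_log() {
    cat <<'EOF'
[  600.000000] eth0: link up
[  622.730506] sshd[32556]: segfault at 7fff3568ffd0 ip 00007f5d1dda7ee8 sp 00007fff3568ffd0 error 6 in libc-2.15.so[7f5d1dc8e000+1b5000]
EOF
}

# Demo on the embedded samples; on a live host use:
#   ip -o addr show | flag_crowded_ifaces
#   dmesg | count_sshd_libc_segfaults
sample_ip_output | flag_crowded_ifaces 3
sample_kernel_log | count_sshd_libc_segfaults
```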


