[Bug 293000] [NEW] hardy: openssh-server oom_adj can lead to denial of service

[ksuehring]

Public bug reported:

Binary package hint: openssh-server

The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
being killed by the OOM killer in low memory situations. Unfortunately
all child processes of sshd inherit this setting.

So any user with ssh access can easily launch a process which
accumulates memory without being killed by the kernel until the system
gets to out of memory kernel panic. This will lead to a denial of
service.

The bug is already reported in the debian bug tracker under the following location:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020

The fix is included in openssh/1:4.7p1-11. Please update Hardy to this
package version.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
hardy: openssh-server oom_adj can lead to denial of service
https://bugs.launchpad.net/bugs/293000
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.