[Bug 390556] [NEW] openssh-server dos regression in jaunty (oom_adj)

ksuehring suehring at hhi.de
Mon Jun 22 09:08:48 BST 2009

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: openssh-server

All child processes of openssh-server inherit the oom_adj value of -17,
which makes them unkillable in low-memory situations. Any user logged into
the machine via ssh can cause a kernel panic by creating a process that
simply consumes memory.

I have reported this before for Hardy (Bug #293000). Upstream Debian
fixes were shipped in Intrepid; Jaunty has the problem again.

Please fix openssh to degrade child processes to a higher oom_adj value.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public
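
A check for the condition this report describes, as an added example that is not part of the original bug report or of openssh: it walks a /proc tree and lists processes that sit below sshd and still carry oom_adj -17. The function names, the `proc_root` parameter and the choice to skip processes named sshd themselves are assumptions of this example.

```python
import os

OOM_DISABLE = -17  # oom_adj value that exempts a process from the OOM killer


def read_proc(proc_root):
    """Return {pid: (name, ppid, oom_adj)} for every readable process."""
    procs = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "status")) as f:
                fields = dict(line.split(":", 1) for line in f if ":" in line)
            with open(os.path.join(base, "oom_adj")) as f:
                oom_adj = int(f.read().strip())
            procs[int(entry)] = (fields["Name"].strip(),
                                 int(fields["PPid"]), oom_adj)
        except (OSError, ValueError, KeyError):
            continue  # process exited mid-scan, or the file is absent
    return procs


def inherited_oom_immunity(proc_root="/proc", daemon="sshd"):
    """List (pid, name) of non-daemon processes at oom_adj -17 below `daemon`."""
    procs = read_proc(proc_root)
    flagged = []
    for pid, (name, ppid, oom_adj) in sorted(procs.items()):
        if oom_adj != OOM_DISABLE or name == daemon:
            continue
        seen = set()  # guards against a malformed, cyclic parent chain
        while ppid in procs and ppid not in seen:
            seen.add(ppid)
            parent_name, next_ppid, _ = procs[ppid]
            if parent_name == daemon:
                flagged.append((pid, name))
                break
            ppid = next_ppid
    return flagged


if __name__ == "__main__":
    for pid, name in inherited_oom_immunity():
        print(f"{pid}\t{name}\toom_adj={OOM_DISABLE} inherited from sshd")
```

An empty result on a host with active ssh sessions means login shells and their children are no longer exempt from the OOM killer.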
