[Bug 390556] [NEW] openssh-server dos regression in jaunty (oom_adj)
suehring at hhi.de
Mon Jun 22 09:08:48 BST 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: openssh-server
All child processes of openssh-server inherit the oom_adj value of -17,
which makes them unkillable in low-memory situations. Any user logged into
the machine via ssh can cause a kernel panic by creating a process that
simply consumes memory.
I have reported this before for Hardy (Bug #293000). Upstream Debian
fixes were shipped in Intrepid; Jaunty has the problem again.
Please fix openssh to degrade child processes to a higher oom_adj value.
** Affects: openssh (Ubuntu)
** Visibility changed to: Public
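An audit check for the condition reported above, added here as an example (it is not part of the original report or of openssh): it walks a /proc tree and lists processes that are exempt from the OOM killer and descend from sshd. The function names and the proc_root parameter are assumptions of this example; it reads the legacy oom_adj file (-17 disables OOM killing) and, where present, the newer oom_score_adj file (-1000).

```python
import os

# Kernel values meaning "never select this process for OOM kill".
OOM_DISABLED = {"oom_adj": -17, "oom_score_adj": -1000}

def read_proc(proc_root="/proc"):
    """Return {pid: (ppid, comm, oom_protected)} for every readable process."""
    procs = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "stat")) as f:
                stat = f.read()
            # comm is wrapped in parentheses and may itself contain ')' or spaces
            comm = stat[stat.index("(") + 1:stat.rindex(")")]
            ppid = int(stat[stat.rindex(")") + 1:].split()[1])
            protected = False
            for name, disabled in OOM_DISABLED.items():
                path = os.path.join(base, name)
                if os.path.exists(path):
                    with open(path) as f:
                        protected = protected or int(f.read().strip()) == disabled
        except (OSError, ValueError, IndexError):
            continue  # process exited while it was being read
        procs[int(entry)] = (ppid, comm, protected)
    return procs

def inherited_oom_protection(proc_root="/proc", daemon="sshd"):
    """PIDs that are OOM-exempt, descend from `daemon`, and are not `daemon` itself."""
    procs = read_proc(proc_root)
    flagged = []
    for pid, (ppid, comm, protected) in procs.items():
        if not protected or comm == daemon:
            continue  # sshd's own processes are expected to be protected
        seen = set()
        while ppid in procs and ppid not in seen:  # walk up the parent chain
            seen.add(ppid)
            if procs[ppid][1] == daemon:
                flagged.append(pid)
                break
            ppid = procs[ppid][0]
    return sorted(flagged)

if __name__ == "__main__":
    for pid in inherited_oom_protection():
        print(pid)
```

On a fixed system the script prints nothing; any PID it prints is a login shell or user process that kept the daemon's OOM exemption.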