[Bug 293000] Re: hardy: openssh-server oom_adj can lead to denial of service
Dave Martin
Dave.Martin at arm.com
Wed Mar 3 17:56:18 GMT 2010
This bug either wasn't fixed or there has been a recent regression.
Ubuntu lucid
openssh-server 1:5.3p1-3ubuntu1
/etc/default/ssh: SSHD_OOM_ADJUST=-17
As well as causing kernel panics, a malicious user can use this
technique to kill off trusted root daemons and (if they use a port >=
1024) launch spoofing processes.
Not only is this a DoS risk, it can also lead to takedown of critical
system components required for the SSH session to work (NetworkManager
etc.)
** Changed in: openssh (Ubuntu)
Status: Fix Released => Confirmed
--
hardy: openssh-server oom_adj can lead to denial of service
https://bugs.launchpad.net/bugs/293000
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list