[Bug 722386] Re: sshd buffer overflow detected crash from certain ip addresses
Kees Cook
kees at ubuntu.com
Mon Feb 21 18:47:17 UTC 2011
The backtrace shows that this is from the pgsql PAM module. A quick
check of the code shows that it is assuming that h_addr is always an
IPv4 when it may not be, resulting in a potential overflow of the buffer
it creates to hold an IP address.
** Package changed: openssh (Ubuntu) => pam-pgsql (Ubuntu)
** Changed in: pam-pgsql (Ubuntu)
Importance: Undecided => Medium
** Changed in: pam-pgsql (Ubuntu)
Status: New => Confirmed
** Summary changed:
- sshd buffer overflow detected crash from certain ip addresses
+ PAM pgsql buffer overflow when dealing with IPv6 addresses
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
https://bugs.launchpad.net/bugs/722386
Title:
PAM pgsql buffer overflow when dealing with long addresses
More information about the Ubuntu-server-bugs
mailing list