[Bug 2019] New: After a possible buffer overflow attack sshd does not accept connections any longer.
bugzilla-daemon at bugzilla.mindrot.org
Sun Jun 17 07:56:49 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2019
Bug #: 2019
Summary: After a possible buffer overflow attack sshd does not
accept connections any longer.
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.4p1
Platform: ix86
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: Cliff.Brown at NCR.com
Hello,
We have a number of servers all around the world that are running sshd
as the only means to remotely log into the system. Our network
security department has a server 10.6.2.50 using a security program
called Retina Scan. Retina Scan periodically interrogates the systems
attempting different known attacks to see if any of the systems fail
the attack. We are then notified when this happens, usually requiring
an upgrade.
We are running into a problem where if the test is a Buffer overflow
attack then sshd resists the attack but then will not accept
connections after the attack. Since local personnel do not have the
root password, this requires powering the server off/on. This does
not always happen. Sometimes sshd recovers and continues on normally.
Below are examples of the log entries we are seeing. I don't know if
this is a bug or just a configuration problem. I have not been able to
find any solution in the readme file for 6.0 or on the web. So I am
escalating this to the group to see if I can get some direction.
15:03:03: sshd: Did not receive identification string from <IP address>
15:04:29: sshd: Bad protocol version identification ' ' from <IP Address>
15:04:29: error: reexec socketpair: Interrupted system call
15:04:29: error: ssh_msg_recv: read: header
15:04:29: mountd: mount (version 3) attempt failed for /home2/refpos request from <IP Address>

Subsequent messages in the log

15:06:54: sshd: error: ssh_msg_recv: read: header
15:06:54: fatal: recv_rexec_state: ssh_msg_recv failed
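
The following is an added example, not part of the original report and not OpenSSH project code: a small log triage that flags sshd re-exec errors occurring shortly after a malformed-banner probe, which is the sequence shown in the excerpt above. It assumes the `HH:MM:SS: message` line format of that excerpt; the function names and the 5-minute correlation window are hypothetical choices.

```python
import re
from datetime import datetime, timedelta

# Sample lines taken from the report above, placeholders kept as posted.
SAMPLE_LOG = """\
15:03:03: sshd: Did not receive identification string from <IP address>
15:04:29: sshd: Bad protocol version identification ' ' from <IP Address>
15:04:29: error: reexec socketpair: Interrupted system call
15:04:29: error: ssh_msg_recv: read: header
15:04:29: mountd: mount (version 3) attempt failed for /home2/refpos request from <IP Address>
15:06:54: sshd: error: ssh_msg_recv: read: header
15:06:54: fatal: recv_rexec_state: ssh_msg_recv failed
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}): (.*)$")
# Messages sshd logs when a client sends no banner or a malformed one.
PROBE = ("Did not receive identification string",
         "Bad protocol version identification")
# Messages from the excerpt that indicate the re-exec handoff failed.
REEXEC = ("reexec socketpair", "ssh_msg_recv", "recv_rexec_state")

def parse(log_text):
    """Yield (time, kind, message) for lines matching a known pattern."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Time-only stamps: a log spanning midnight needs dates added first.
        ts = datetime.strptime(m.group(1), "%H:%M:%S")
        msg = m.group(2)
        if any(p in msg for p in PROBE):
            yield ts, "probe", msg
        elif any(p in msg for p in REEXEC):
            yield ts, "reexec_error", msg

def correlate(log_text, window=timedelta(minutes=5)):
    """Return re-exec errors seen within `window` after the latest probe."""
    last_probe, hits = None, []
    for ts, kind, msg in parse(log_text):
        if kind == "probe":
            last_probe = ts
        elif last_probe is not None and timedelta(0) <= ts - last_probe <= window:
            hits.append({"time": ts.strftime("%H:%M:%S"), "message": msg,
                         "fatal": "fatal:" in msg,
                         "seconds_after_probe": int((ts - last_probe).total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```

A hit with `fatal` set is the point at which a listener health check or an alert to someone with console access is worth triggering, since the report describes sshd refusing connections afterwards.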