[Bug 3401] New: Illegal hardware instruction
bugzilla-daemon at mindrot.org
Thu Mar 10 15:54:47 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3401
Bug ID: 3401
Summary: Illegal hardware instruction
Product: Portable OpenSSH
Version: 8.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: andres at antai-group.com
Created attachment 3578
--> https://bugzilla.mindrot.org/attachment.cgi?id=3578&action=edit
PoC configuration file for ssh. Usage: "sshd -t -f poc.conf"
* LOW RISK/Further testing is required to understand the issue.
An illegal hardware instruction that crashes sshd occurs under some
circumstances when input is provided through its configuration file.
The problem resides in the "RekeyLimit" configuration option, when the
maximum amount of time that may pass before the session key is
renegotiated is provided.
The biggest risk is Availability of sshd, particularly for cases where
mass configuration of servers is done through automated pipelines that
dynamically generate the configuration files and might generate an input
value that triggers the issue.
=========================
PoC Command output:
=========================
valgrind sshd -t -f poc.conf
Valgrind output:
...
...
==3348611== Process terminating with default action of signal 4 (SIGILL)
==3348611== Illegal opcode at address 0x1857A5
==3348611== at 0x1857A5: UnknownInlinedFun (fmt_scaled.c:122)
==3348611== by 0x1857A5: process_server_config_line_depth (servconf.c:1682)
==3348611== by 0x185EA6: parse_server_config_depth (servconf.c:2687)
==3348611== by 0x186F39: parse_server_config (servconf.c:2704)
==3348611== by 0x1576CC: main (sshd.c:1742)
...
...
zsh: illegal hardware instruction
=========================
See attached file poc.conf
---
Carlos Andres Ramirez
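
The availability concern above is a pipeline deploying a generated file that crashes sshd. As an added example (not part of the original report and not OpenSSH code), here is a pre-deployment gate built on the same `sshd -t -f` test run that separates a rejected config from a parser killed by a signal; `check_sshd_config`, `SSHD_BIN` and the return codes are names chosen for this example.

```shell
#!/bin/sh
# Added example: validate a generated sshd config before it is deployed.
# SSHD_BIN and check_sshd_config are names assumed for this example.
# sshd -t also checks host keys, so run it as a user that can read them.
SSHD_BIN="${SSHD_BIN:-sshd}"

# check_sshd_config FILE
#   0  config accepted by "sshd -t"
#   1  config rejected (ordinary non-zero exit, e.g. a syntax error)
#   2  sshd was killed by a signal while parsing (the case in this report)
#   3  file unreadable, or sshd could not be executed
check_sshd_config() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "check_sshd_config: cannot read $cfg" >&2
        return 3
    fi

    # Capture the status without tripping "set -e" in the caller.
    out=$("$SSHD_BIN" -t -f "$cfg" 2>&1) && rc=0 || rc=$?

    if [ "$rc" -eq 0 ]; then
        return 0
    elif [ "$rc" -eq 126 ] || [ "$rc" -eq 127 ]; then
        echo "check_sshd_config: could not run $SSHD_BIN" >&2
        return 3
    elif [ "$rc" -gt 128 ] && [ "$rc" -le 192 ]; then
        # The shell reports death by signal N as status 128+N (SIGILL = 132).
        sig=$(kill -l "$rc" 2>/dev/null || echo "$((rc - 128))")
        echo "check_sshd_config: $SSHD_BIN died with SIG$sig parsing $cfg" >&2
        return 2
    fi

    echo "check_sshd_config: $cfg rejected (exit $rc): $out" >&2
    return 1
}

# Stand-alone use: ./check.sh /path/to/generated_sshd_config
if [ "$#" -gt 0 ]; then
    check_sshd_config "$1"
    exit $?
fi
```

A pipeline should refuse to deploy on any non-zero result and alert on result 2, since that indicates a parser crash rather than a typo in the generated file.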