not being released

Scott Neugroschl scott_n at
Wed Sep 10 09:43:31 EST 2008

> -----Original Message-----
> From: at
> [ at] On
> Behalf Of Kevin Deveau
> Sent: Tuesday, September 09, 2008 11:53 AM
> To: openssh-unix-dev at
> Subject: not being released
> I've noticed a bug with even recent OpenSSH products, where if the
> disconnects during a certain period of time, the connection becomes
> frozen causing possible exploit problems.
> For example
> [root at portal ~] users
> root
> [root at portal ~] uptime -u (used to show how many users the box
> is logged on)
> 2 Users
> [root at portal ~]
> In theory this trapped connection can and has proven to be used for
> exploits as if the correct packet is sent to the box, using gathered
> information of course. The attacker becomes assumed by the local host
> through a remote host and appears to be authenticated allowing executions
> based on the level of permission the frozen login has
> The example of this is:
> root being the frozen user, the attacker exploits the frozen
> to be assumed as them, and can execute all commands
> whereas
> kevin being a regular client, but also frozen (the box thinks they're
> still connected - but they aren't) the attacker can only execute
> commands allowed by user permissions.
> The solution to the problem appears to be so far, making sure there
> no frozen connections caused by SSH so you
> who -a, get the pid to the frozen connection, which removes that
> authenticated frozen connection.
> This bug has only been reproduced on the Linux operating system, I
> haven't used any other OS to test it for them.

Have you done a "ps -ef" to confirm that the child sshd process is still
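
The cross-check the reply asks about, as an added example that is not part of the original thread: compare the login records shown by `who` with the sshd session processes listed by `ps -ef`, and report pseudo-terminal logins that have no live sshd process behind them. The function name, file names and sample data are constructed for illustration, and the script assumes OpenSSH's usual session process title of the form `sshd: user@tty`.

```shell
#!/bin/sh
# Added example: list utmp login entries with no matching sshd session process.
#   $1 = saved output of `who`    (columns: user, line, date, time, [host])
#   $2 = saved output of `ps -ef` (CMD is the last column)
# Assumption: a session's sshd process title looks like "sshd: user@tty[,tty]".
stale_sessions() {
    awk '
        # ps -ef pass: remember every user@tty named in an sshd process title.
        src == "ps" {
            for (i = 1; i < NF; i++) {
                if ($i != "sshd:" || split($(i + 1), part, "@") != 2) continue
                n = split(part[2], ttys, ",")
                for (j = 1; j <= n; j++) live[part[1] "@" ttys[j]] = 1
            }
            next
        }
        # who pass: only pseudo-terminals can belong to ssh logins.
        src == "who" && $2 ~ /^pts\// {
            key = $1 "@" $2
            if (!(key in live)) print $1, $2
        }
    ' src=ps "$2" src=who "$1"
}

# Constructed sample data: kevin's login record has no sshd process left.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/who.txt" <<'EOF'
root     pts/0        2008-09-09 11:40 (host-a.example)
kevin    pts/1        2008-09-09 11:42 (host-b.example)
root     tty1         2008-09-09 09:00
EOF
    cat > "$dir/ps.txt" <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root      2001     1  0 09:00 ?        00:00:00 /usr/sbin/sshd
root      2345  2001  0 11:40 ?        00:00:00 sshd: root@pts/0
root      2350  2345  0 11:40 pts/0    00:00:00 -bash
EOF
    stale_sessions "$dir/who.txt" "$dir/ps.txt"
    rm -rf "$dir"
}

demo
```

An entry reported here is a login record without a process, which is the case to distinguish from a session whose sshd child is still running.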
