Bug 1384566

Summary: Memory leak in KEXINIT resulting in a DoS situation
Product: Red Hat Enterprise Linux 7 Reporter: thibaut.pouzet
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: thibaut.pouzet
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-17 07:42:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description thibaut.pouzet 2016-10-13 14:45:10 UTC
Description of problem:

There has been a patch made upstream for a DoS issue within openssh-server
https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad#diff-cc9e833353f4432391cb4c8463c0a2be
Comment of the commit : 
Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn

I cannot find any information inside RedHat's bugzilla about the status of RHEL on this topic.

Version-Release number of selected component (if applicable):

Unknown

How reproducible:

Unknown

Additional info:

Comment 2 Jakub Jelen 2016-10-17 07:42:14 UTC

*** This bug has been marked as a duplicate of bug 1384860 ***