53020 – sshd segfaults after pam failure.

Bug 53020 - sshd segfaults after pam failure.

Summary: sshd segfaults after pam failure.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Public Beta
Classification:	Retired
Component:	openssh
Sub Component:
Version:	roswell
Hardware:	i386
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-09-01 22:10 UTC by Chris Kloiber
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-09-04 14:36:05 UTC
Embargoed:

Attachments	(Terms of Use)

Description Chris Kloiber 2001-09-01 22:10:05 UTC

Description of Problem:

sshd drops connection after 1 passowrd attempt:

# sshd -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 172.16.46.121 port 32979
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1061/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1039/2049
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "root"
debug1: PAM setting rhost to "ckloiber.support.redhat.com"
Failed none for ROOT from 172.16.46.121 port 32979 ssh2
debug1: userauth-request for user root service ssh-connection method password
debug1: attempt 1 failures 1
debug1: PAM Password authentication accepted for user "root"
Segmentation fault

(sshd is the program segfaulting)

Error is identical (except for username) if tried as non-root.

Version-Release number of selected component (if applicable):

openssh-server-2.9p2-6
openssh-askpass-2.9p2-6
openssh-askpass-gnome-2.9p2-6
openssh-clients-2.9p2-6
openssh-2.9p2-6

openssl096-0.9.6-6
openssl-0.9.6b-7
openssl-perl-0.9.6b-7
openssl-devel-0.9.6b-7
openssl095a-0.9.5a-11

pam_smb-1.1.6-2
pam-devel-0.75-10
pam_krb5-1.45-1
pam-0.75-10

Steps to Reproduce:
1. start 'sshd -d' using above package versions
2. connect from another machine.
3. gets as far as entering the password, then *BOOM!*

Comment 1 Nalin Dahyabhai 2001-09-06 03:07:04 UTC

This should be fixed in pam-0.75-11 and later.  Please reopen this bug if you
find that this is not the case.

Note You need to log in before you can comment on or make changes to this bug.