Bug 987483 - [abrt] openssh-server-6.2p2-3.fc19: _IO_vfprintf_internal: Process /usr/sbin/sshd was killed by signal 11 (SIGSEGV)
[abrt] openssh-server-6.2p2-3.fc19: _IO_vfprintf_internal: Process /usr/sbin/...
Status: CLOSED DUPLICATE of bug 977995
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
19
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
abrt_hash:c941273b61c307ca39cce796824...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-23 09:22 EDT by Craig A Martin
Modified: 2013-08-16 04:10 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-16 04:10:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (258.74 KB, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: cgroup (154 bytes, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: core_backtrace (1.36 KB, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: dso_list (3.04 KB, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: environ (749 bytes, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: limits (1.29 KB, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: maps (15.47 KB, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: open_fds (219 bytes, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: proc_pid_status (890 bytes, text/plain)
2013-07-23 09:22 EDT, Craig A Martin
no flags Details
File: var_log_messages (553 bytes, text/plain)
2013-07-23 09:23 EDT, Craig A Martin
no flags Details

  None (edit)
Description Craig A Martin 2013-07-23 09:22:00 EDT
Version-Release number of selected component:
openssh-server-6.2p2-3.fc19

Additional info:
reporter:       libreport-2.1.5
backtrace_rating: 4
cmdline:        'sshd: [accepted]' '' '' '' ''
crash_function: _IO_vfprintf_internal
executable:     /usr/sbin/sshd
kernel:         3.9.9-302.fc19.x86_64
runlevel:       N 5
uid:            0

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 _IO_vfprintf_internal at vfprintf.c:1635
 #1 ___vfprintf_chk at vfprintf_chk.c:34
 #2 __vsyslog_chk at ../misc/syslog.c:222
 #3 vsyslog at /usr/include/bits/syslog.h:47
 #4 tcpd_diag at diag.c:45
 #5 tcpd_warn at diag.c:55
 #6 sock_hostname at socket.c:277
 #7 eval_hostname at eval.c:77
 #8 host_match at hosts_access.c:378
 #9 list_match at hosts_access.c:211
Comment 1 Craig A Martin 2013-07-23 09:22:15 EDT
Created attachment 777318 [details]
File: backtrace
Comment 2 Craig A Martin 2013-07-23 09:22:19 EDT
Created attachment 777319 [details]
File: cgroup
Comment 3 Craig A Martin 2013-07-23 09:22:23 EDT
Created attachment 777320 [details]
File: core_backtrace
Comment 4 Craig A Martin 2013-07-23 09:22:27 EDT
Created attachment 777321 [details]
File: dso_list
Comment 5 Craig A Martin 2013-07-23 09:22:32 EDT
Created attachment 777322 [details]
File: environ
Comment 6 Craig A Martin 2013-07-23 09:22:36 EDT
Created attachment 777323 [details]
File: limits
Comment 7 Craig A Martin 2013-07-23 09:22:40 EDT
Created attachment 777324 [details]
File: maps
Comment 8 Craig A Martin 2013-07-23 09:22:45 EDT
Created attachment 777325 [details]
File: open_fds
Comment 9 Craig A Martin 2013-07-23 09:22:52 EDT
Created attachment 777326 [details]
File: proc_pid_status
Comment 10 Craig A Martin 2013-07-23 09:23:00 EDT
Created attachment 777327 [details]
File: var_log_messages
Comment 11 Michael 2013-08-15 19:48:36 EDT
Hi,
Just got this same crash today, except with openssh-server-6.2p2-5.fc19

I assume it was responding to a shady request. Has someone found a way to drop openssh remotely?!
Comment 12 Michael 2013-08-15 20:50:02 EDT
So I looked at the coredump, the stacktrace was identical to that described by nvwarr ( https://bugzilla.redhat.com/show_bug.cgi?id=977995#c15 ), even down to being triggered by the same IP from India. So this bug is almost definitely the same as https://bugzilla.redhat.com/show_bug.cgi?id=977995
Comment 13 Craig A Martin 2013-08-15 23:52:18 EDT
Hi Michael
Thanks for taking an interest.  I agree that the ssh crashes seem to be triggered by external "attacks" over the internet.  Absolutely nothing was running on my system when they occurred and no one I know was trying to log in.  My ssh server is very secure through hosts.deny so no one got in.  My IP address is not visible on the internet so the attacks (a least the first one) are probably random.  I am not sure where attacks that are crashing the ssh server are coming from but one from China keeps trying (178.19.74.218.broad.hz.zj.dynamic.163data.com.cn)
Comment 14 Michael 2013-08-16 00:45:12 EDT
Hi Craig,
Yes I too am denying ALL:ALL, so no intrusion. Random attempts sounds right, it's just part of the standard scanning for IPv4 services. A segfault in a network service always instils a sense of paranoia as it's hard to know if it's an exploitable problem without some deep digging. It doesn't crash on any request as I can shell in from a whilelisted IP without any issues, so it must be something special about the request being made.
Comment 15 Craig A Martin 2013-08-16 01:05:37 EDT
Agreed.
Comment 16 Petr Lautrbach 2013-08-16 04:10:31 EDT
It's the issue of tcp_wrappers library. Please update to the latest https://admin.fedoraproject.org/updates/tcp_wrappers-7.6-75.fc19

*** This bug has been marked as a duplicate of bug 977995 ***

Note You need to log in before you can comment on or make changes to this bug.