Mailing List Archive: OpenSSH: Bugs
[Bug 2019] After a possible buffer overflow attack sshd does not accept connections any longer.
bugzilla-daemon at bugzilla

Jun 16, 2012, 8:39 PM


[Bug 2019] After a possible buffer overflow attack sshd does not accept connections any longer.

https://bugzilla.mindrot.org/show_bug.cgi?id=2019

Darren Tucker <dtucker [at] zip> changed:

What | Removed | Added
-----+---------+------------------
CC   |         | dtucker [at] zip

--- Comment #1 from Darren Tucker <dtucker [at] zip> 2012-06-17 13:39:30 EST ---
There's not a lot of information to go on here. My guess is that the
main sshd is running out of file descriptors but that's only a guess.

Can you reproduce the problem with the current version of OpenSSH?
What exactly does this "Regina Scan" thing send to sshd? Does it make
lots of separate connections in parallel or in series? What version of
HPUX are you using and does it have a native /dev/random device? If
not, are you using prngd? What's the ulimit setting for number of
files (ulimit -n)?

A couple of possible workarounds:
1) Increase the number of file descriptors in whichever script starts
sshd (i.e. put "ulimit -n 4096" or some suitably large number somewhere
before sshd is invoked).
2) Reduce MaxStartups to, say, half of what it's currently set to.
This will mean that you'll have fewer unauthenticated connections at any
time, which should reduce the peak number of descriptors in use.
3) Run sshd with the (undocumented) "-r" flag, which will turn off the
reexec behaviour, which will also reduce the number of descriptors in
use. Note that this will also disable the protection of any run-time
randomization (ASLR, stack cookies and such), so if your OS actually
provides any of these things you'll actually be *more* at risk.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
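The first two workarounds in the comment above, as an added shell example that is not part of the bug thread or of OpenSSH itself: a helper that halves a MaxStartups value (handling both the plain count and the "start:rate:full" random-early-drop form that sshd_config accepts), a filter that applies it to sshd_config text, and a generator for a start-up wrapper that raises the descriptor limit before sshd runs. The sample config, the 4096 limit and the /usr/sbin/sshd path are constructed assumptions; the "-r" flag from workaround 3 is deliberately left out because of the ASLR caveat the comment gives.

```shell
#!/bin/sh
# Added example, not code from the bug report or from OpenSSH.
# Assumptions: a descriptor limit of 4096 and an sshd binary at /usr/sbin/sshd.

# Halve a MaxStartups value as workaround 2 suggests.  Accepts either a plain
# count ("10") or the "start:rate:full" triple ("10:30:100").  The middle
# field is a drop percentage, not a connection count, so it is kept; the
# start and full counts are halved but never pushed below 1.
halve_maxstartups() {
    case "$1" in
        *:*:*)
            start=${1%%:*}
            rest=${1#*:}
            rate=${rest%%:*}
            full=${rest#*:}
            start=$((start / 2))
            if [ "$start" -lt 1 ]; then start=1; fi
            full=$((full / 2))
            if [ "$full" -lt 1 ]; then full=1; fi
            printf '%s:%s:%s\n' "$start" "$rate" "$full"
            ;;
        *)
            n=$(($1 / 2))
            if [ "$n" -lt 1 ]; then n=1; fi
            printf '%s\n' "$n"
            ;;
    esac
}

# Rewrite the active MaxStartups directive in sshd_config text read on stdin.
# Every other line passes through unchanged; a commented-out "#MaxStartups"
# hint is left alone so it is not silently activated.
halve_maxstartups_in_config() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            MaxStartups*|maxstartups*)
                val=$(printf '%s\n' "$line" | awk '{print $2}')
                printf 'MaxStartups %s\n' "$(halve_maxstartups "$val")"
                ;;
            *)
                printf '%s\n' "$line"
                ;;
        esac
    done
}

# Emit the text of a wrapper script for workaround 1: raise the open-file
# limit, then exec the real sshd with whatever arguments the init script
# passes.  Limit and binary path are parameters (defaults are assumptions).
make_sshd_wrapper() {
    limit=${1:-4096}
    sshd_bin=${2:-/usr/sbin/sshd}
    printf '#!/bin/sh\nulimit -n %s\nexec %s "$@"\n' "$limit" "$sshd_bin"
}

# Constructed sshd_config fragment used to demonstrate the filter.
SAMPLE_CONFIG='Port 22
#MaxStartups 10:30:100
MaxStartups 10:30:100
PermitRootLogin no'

printf '%s\n' "$SAMPLE_CONFIG" | halve_maxstartups_in_config
make_sshd_wrapper 4096 /usr/sbin/sshd
```

Run as-is to see the rewritten config fragment followed by the wrapper text; in practice the wrapper output would be installed in place of the direct sshd invocation in the start-up script, and the filter would be run over a copy of sshd_config that is then checked with "sshd -t" before being put in place.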
