[24292] in Kerberos


Re: krb5.conf ' # ' in realms section can cause ssh to segv

daemon@ATHENA.MIT.EDU (Troy Benjegerdes)
Wed Jul 13 18:27:55 2005

Date: Wed, 13 Jul 2005 17:27:12 -0500
From: Troy Benjegerdes <hozer@hozed.org>
To: Simon Wilkinson <simon@sxw.org.uk>
Message-ID: <20050713222712.GK16924@kalmia.hozed.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <42D57CFD.1090101@sxw.org.uk>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

On Wed, Jul 13, 2005 at 09:43:41PM +0100, Simon Wilkinson wrote:
> Troy Benjegerdes wrote:
> > 
> > Is this a potential security issue? Granted, if you can edit krb5.conf,
> > you can do a lot of other stuff.. but a segv is pretty bad behavior.
> 
> You've not really provided enough information to track this down. The
> stack trace doesn't have any symbols, and you haven't even said which
> version of krb5 or ssh you're running. You've also not provided any
> debugging dumps from the ssh client which would help show where the
> error is occurring.
> 
> If you could let me know those things, I can probably trace this a bit
> better. My rough guess is that the client's first call into init_context
> is failing, due to the bad configuration. It's then trying to release a
> buffer that hasn't been allocated, and so is seg faulting.
> 
> I don't think this is a security issue - it's client side, rather than
> server side, the error isn't as a result of bad incoming data, and ssh
> doesn't run with elevated privilege.
> 
> If you can provide more information though, and you're running OpenSSH
> with my patches, or code derived from them, it would be good to fix this.

Debian-powerpc, running sarge:

ii  libkrb53       1.3.6-3        MIT Kerberos runtime libraries
ii  ssh-krb5       3.8.1p1-8      Secure rlogin/rsh/rcp replacement

I also know the segv occurred immediately after opening /etc/krb5.conf,
but the strace log is gone from my scrollback.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
