https://bugzilla.mindrot.org/show_bug.cgi?id=3401
Bug ID: 3401
Summary: Illegal hardware instruction
Product: Portable OpenSSH
Version: 8.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
Created attachment 3578
--> https://bugzilla.mindrot.org/attachment.cgi?id=3578&action=edit
PoC configuration file for ssh. Usage: "sshd -t -f poc.conf"
* LOW RISK/Further testing is required to understand the issue.
An illegal hardware instruction that crashes sshd occurs under some
circumstances when input is provided through its configuration file.
The problem resides in the "RekeyLimit" configuration option, when the
maximum amount of time that may pass before the session key is
renegotiated is provided.
The biggest risk is Availability of sshd, particularly for cases where
mass configuration of servers is done through automated pipelines that
dynamically generate the configuration files and might generate an input
value that triggers the issue.
=========================
PoC Command output:
=========================
valgrind sshd -t -f poc.conf
Valgrind output:
...
...
==3348611== Process terminating with default action of signal 4 (SIGILL)
==3348611== Illegal opcode at address 0x1857A5
==3348611== at 0x1857A5: UnknownInlinedFun (fmt_scaled.c:122)
==3348611== by 0x1857A5: process_server_config_line_depth (servconf.c:1682)
==3348611== by 0x185EA6: parse_server_config_depth (servconf.c:2687)
==3348611== by 0x186F39: parse_server_config (servconf.c:2704)
==3348611== by 0x1576CC: main (sshd.c:1742)
...
...
zsh: illegal hardware instruction
=========================
See attached file poc.conf
---
Carlos Andres Ramirez
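
A pre-deployment gate for the automated-pipeline scenario described in the report, as an added example that is not part of the original report or of OpenSSH: it runs the same "sshd -t -f" check used for the PoC and reports a validator killed by a signal (such as SIGILL) separately from a configuration the parser rejected. The function name, its return codes and the SSHD_BIN override are assumptions of this example.

```shell
#!/bin/sh
# Gate for generated sshd_config files: validate with "sshd -t -f" before
# deployment and tell a parser rejection apart from a validator crash.
#
# Return codes (chosen for this example, not defined by OpenSSH):
#   0  config accepted
#   1  config rejected (ordinary non-zero exit from the validator)
#   2  validator was killed by a signal while parsing (SIGILL shows as 132)
#   3  config file missing or unreadable
#
# SSHD_BIN is an assumption of this example: it lets the pipeline point at a
# specific sshd binary and defaults to the sshd found on PATH.
#
# Usage in a pipeline step:  check_sshd_config /path/to/generated.conf
check_sshd_config() {
    conf=$1
    sshd_bin=${SSHD_BIN:-sshd}

    if [ ! -r "$conf" ]; then
        echo "check_sshd_config: cannot read $conf" >&2
        return 3
    fi

    # "|| status=$?" keeps a caller's "set -e" from aborting on failure.
    status=0
    "$sshd_bin" -t -f "$conf" || status=$?

    if [ "$status" -eq 0 ]; then
        return 0
    fi

    # The shell reports death by signal N as exit status 128+N. An ordinary
    # error exit can also be above 128 (for example 255), so only 129..192
    # (Linux signals 1..64) are treated as a signal death.
    if [ "$status" -gt 128 ] && [ "$status" -lt 193 ]; then
        signo=$((status - 128))
        echo "check_sshd_config: $sshd_bin died on signal $signo parsing $conf" >&2
        return 2
    fi

    echo "check_sshd_config: $sshd_bin rejected $conf (exit $status)" >&2
    return 1
}
```

A return code of 2 means the validator itself crashed, so the generated file should be kept for analysis rather than silently regenerated.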