Akihiro HIRANO
2016-Mar-09 12:32 UTC
openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE
Hi,

On 2016/03/09 19:59, Frank Möller wrote:
> I got the same problem here.
>
> After updating to FreeBSD 9.3-RELEASE-p37 sshd from the base system crashes by signal 11
> when I connect to the server with an old ssh client (e.g. OpenSSH_4.5p1).
> Using newer ssh client versions (e.g. OpenSSH_6.6.1p1 from FreeBSD 9.3-RELEASE-p10)
> the sshd works fine.

Hum... I tried OpenSSH_6.6.1p1 client on 9.3-RELEASE-p37
and OpenSSH_6.4p1 client on 10.0-RELEASE-p18.
Both clients cause sshd on 9.3-RELEASE-p37 to crash with signal 11.

Another admin states that postfix smtpd also has the same problem.
Using security/openssl is also a workaround for this case.

Best Regards,
----
Akihiro HIRANO, Kanazawa University
hirano at t.kanazawa-u.ac.jp

Dag-Erling Smørgrav
2016-Mar-09 22:59 UTC
openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE
Akihiro HIRANO <hirano at t.kanazawa-u.ac.jp> writes:
> Frank Möller <moeller at gonicus.de> writes:
> > After updating to FreeBSD 9.3-RELEASE-p37 sshd from the base system
> > crashes by signal 11 when I connect to the server with an old ssh
> > client (e.g. OpenSSH_4.5p1). Using newer ssh client versions
> > (e.g. OpenSSH_6.6.1p1 from FreeBSD 9.3-RELEASE-p10) the sshd works
> > fine.
> Hum... I tried OpenSSH_6.6.1p1 client on 9.3-RELEASE-p37
> and OpenSSH_6.4p1 client on 10.0-RELEASE-p18.
> Both clients cause sshd on 9.3-RELEASE-p37 to crash with signal 11.

It depends on which ciphers you use. If my hunch is correct, the bug is
somewhere in the codepath for RSA, so newer versions (which default to
ECDSA) will be less likely to trigger it, but it will also depend on the
server version and whether the server has an ECDSA host key.

DES
--
Dag-Erling Smørgrav - des at des.no