krb5.conf ' # ' in realms section can cause ssh to segv

Simon Wilkinson simon at sxw.org.uk
Wed Jul 13 16:43:41 EDT 2005


Troy Benjegerdes wrote:
> 
> Is this a potential security issue? Granted, if you can edit krb5.conf,
> you can do a lot of other stuff.. but a segv is pretty bad behavior.

You've not really provided enough information to track this down. The
stack trace doesn't have any symbols, and you haven't even said which
version of krb5 or ssh you're running. You've also not provided any
debugging dumps from the ssh client which would help show where the
error is occurring.

If you could let me know those things, I can probably trace this a bit
better. My rough guess is that the client's first call into init_context
is failing, due to the bad configuration. It's then trying to release a
buffer that hasn't been allocated, and so is seg faulting.

I don't think this is a security issue - it's client side, rather than
server side, the error isn't as a result of bad incoming data, and ssh
doesn't run with elevated privilege.

If you can provide more information though, and you're running OpenSSH
with my patches, or code derived from them, it would be good to fix this.

Cheers,

Simon.
