FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Denial of service attack against sshd(8)

Affected packages
10.0 <= FreeBSD < 10.0_12
9.2 <= FreeBSD < 9.2_15
9.1 <= FreeBSD < 9.1_22

Details

VuXML ID 73e9a137-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-11-04
Entry 2016-08-11

Problem Description:

Although OpenSSH is not multithreaded, when OpenSSH is compiled with Kerberos support, the Heimdal libraries bring in the POSIX thread library as a dependency. Due to incorrect library ordering while linking sshd(8), symbols in the C library which are shadowed by the POSIX thread library may not be resolved correctly at run time.

Note that this problem is specific to the FreeBSD build system and does not affect other operating systems or the version of OpenSSH available from the FreeBSD ports tree.

Impact:

An incorrectly linked sshd(8) child process may deadlock while handling an incoming connection. The connection may then time out or be interrupted by the client, leaving the deadlocked sshd(8) child process behind. Eventually, the sshd(8) parent process stops accepting new connections.

An attacker may take advantage of this by repeatedly connecting and then dropping the connection after having begun, but not completed, the authentication process.

References

CVE Name CVE-2014-8475
FreeBSD Advisory SA-14:24.sshd