FreeBSD -- Denial of service attack against sshd(8)
Although OpenSSH is not multithreaded, when OpenSSH is
compiled with Kerberos support, the Heimdal libraries bring
in the POSIX thread library as a dependency. Due to incorrect
library ordering while linking sshd(8), symbols in the C
library which are shadowed by the POSIX thread library may
not be resolved correctly at run time.
Note that this problem is specific to the FreeBSD build
system and does not affect other operating systems or the
version of OpenSSH available from the FreeBSD ports tree.
An incorrectly linked sshd(8) child process may deadlock
while handling an incoming connection. The connection may
then time out or be interrupted by the client, leaving the
deadlocked sshd(8) child process behind. Eventually, the
sshd(8) parent process stops accepting new connections.
An attacker may take advantage of this by repeatedly
connecting and then dropping the connection after having
begun, but not completed, the authentication process.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright