[Bug 293000] Re: hardy: openssh-server oom_adj can lead to denial of service
Mathew Hodson
mathew.hodson at gmail.com
Sat Jul 9 20:21:47 UTC 2016
** Package changed: debian => openssh (Debian)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/293000
Title:
hardy: openssh-server oom_adj can lead to denial of service
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Hardy:
Won't Fix
Status in openssh package in Debian:
Fix Released
Bug description:
Binary package hint: openssh-server
The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
being killed by the OOM killer in low memory situations. Unfortunately
all child processes of sshd inherit this setting.
So any user with ssh access can easily launch a process which
accumulates memory without being killed by the kernel until the system
gets to out of memory kernel panic. This will lead to a denial of
service.
The bug is already reported in the debian bug tracker under the following location:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020
The fix is included in openssh/1:4.7p1-11. Please update Hardy to this
package version.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/293000/+subscriptions
More information about the foundations-bugs
mailing list