sshd: buffer_get trying to get more bytes than in buffer
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Apr 21 03:23:26 PDT 2003
On Mon, Apr 21, 2003 at 11:20:21AM +0300, Toomas Aas wrote:
> Hello!
>
> I've noticed that one of my users logging in via ssh from one particular IP
> always causes this message to appear in auth.log:
>
> Apr 20 15:43:18 heerold sshd[18766]: fatal: buffer_get: trying to get more bytes 4 than in buffer 0
>
> The same user logs in from several different IP-s and the message only
> appears when he logs in from one particular IP. This leads me to believe
> that it might be just a quirk in the SSH client software he uses on this
> particular PC, but I just wanted to confirm that it's not actually an
> indication of Something Evil in progress.
In thses sort of cases it's always a good idea to cut'n'paste the
error message into Google.
Apart from turning up a worrying number of sites that have a binary of
'sftp-server' and other programs from the ssh package accessible on
their websites, you'll find links to this e-mail:
http://www.securityfocus.com/archive/121/261925/2002-03-08/2002-03-14/2
Looks like damage to the user's authorized_keys file:
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030421/707a1e51/attachment.bin
More information about the freebsd-questions
mailing list