[Dovecot] segfault - (imap|pop3)-login during nessus scan
Todd Rinaldo
toddr at cpanel.net
Mon Mar 1 19:48:36 EET 2010
On Feb 22, 2010, at 11:57 AM, Timo Sirainen wrote:
> On 22.2.2010, at 19.49, Todd Rinaldo wrote:
>
>>> gdb -p `pidof imap-login`
>>> cont
>>> <wait for crash>
>>> bt full
>>
>> Tim, thanks for the feedback. In the other email you sent about re-producing with nessus, note that we're using the checkpassword system; however, from strace info so far, we think the error happens before any fork happens to the custom auth program.
>
> The crash comes from login process. All authentication is done by dovecot-auth process, so it doesn't matter what kind of auth stuff you're using.
>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0000003c7de610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>> (gdb) bt full
>> #0 0x0000003c7de610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>> No symbol table info available.
>> #1 0x0000003c7de48ade in krb5_kt_get_entry () from /usr/lib64/libkrb5.so.3
>> No symbol table info available.
>> #2 0x0000003c7fe3871e in kssl_keytab_is_available () from /lib64/libssl.so.6
>> No symbol table info available.
>> #3 0x0000003c7fe1e345 in ssl3_choose_cipher () from /lib64/libssl.so.6
>> No symbol table info available.
>
> Well, that's coming from the Kerberos library, which is called by OpenSSL for some reason. Are you using Kerberos? Anyway, it looks to me more like an OpenSSL or Kerberos bug.
Tim,
I opened a bug with Red Hat on this issue. Someone just commented in the ticket that the issue is probably related to chroot. Does this put things back in the dovecot court? A full stack trace with symbols is in the ticket now.
https://bugzilla.redhat.com/show_bug.cgi?id=567711