[Dovecot] segfault - (imap|pop3)-login during nessus scan

Timo Sirainen tss at iki.fi
Mon Feb 22 19:57:10 EET 2010


On 22.2.2010, at 19.49, Todd Rinaldo wrote:

>> gdb -p `pidof imap-login`
>> cont
>> <wait for crash>
>> bt full
> 
> Tim, Thanks for the feedback. In the other email you sent about re-producing with nessus, note that we're using the checkpassword system, however from strace info so far we think the error happens before any fork happens to the custon auth program.

The crash comes from login process. All authentication is done by dovecot-auth process, so it doesn't matter what kind of auth stuff you're using.

> Program received signal SIGSEGV, Segmentation fault.
> 0x0000003c7de610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
> (gdb) bt full
> #0  0x0000003c7de610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
> No symbol table info available.
> #1  0x0000003c7de48ade in krb5_kt_get_entry () from /usr/lib64/libkrb5.so.3
> No symbol table info available.
> #2  0x0000003c7fe3871e in kssl_keytab_is_available () from /lib64/libssl.so.6
> No symbol table info available.
> #3  0x0000003c7fe1e345 in ssl3_choose_cipher () from /lib64/libssl.so.6
> No symbol table info available.

Well, that's coming from Kerberos library, which is called by OpenSSL for some reason.. Are you using Kerberos? Anyway it looks to me more like OpenSSL or Kerberos bug.


More information about the dovecot mailing list