yppasswd results in a segmentation fault when run on clients or server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nis (Debian) |
Fix Released
|
Unknown
|
|||
nis (Ubuntu) |
Fix Released
|
High
|
Christian Ehrhardt | ||
Trusty |
Fix Released
|
High
|
Christian Ehrhardt |
Bug Description
[Impact]
* The bug is a segfault on yppasswd rendering users unable to change their passwords
* justification for the SRU is the continued request by users and the fact that it is a very minimal change
* the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized
[Test Case]
* install nis
* Config in /etc/default/nis: NISSERVER=master
* Config in /etc/yp.conf: ypserver 127.0.0.1
* Initialize with
$ sudo /usr/lib/yp/ypinit -m
$ restart rpcbind
* Test if your config works
$ ypcat passwd
should show something like
ubuntu:
* Trigger the bug
$ yppasswd -p ubuntu
Changing NIS account information for ubuntu on wily.localdomain.
Please enter root password:
Changing NIS password for ubuntu on wily.localdomain.
Please enter new password:
Segmentation fault (core dumped)
[Regression Potential]
* While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
* The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local
[Other Info]
* I really would like to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package nis a number of times and reinstalled and still get the same behavior. I've also removed a slave server from the network and reconfigured nis and still get the same behavior.
I thought about listing this as a security vulnerability since the users cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSign
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago)
Changed in nis (Ubuntu): | |
importance: | Undecided → High |
Changed in nis (Ubuntu): | |
assignee: | nobody → Vangelis Mavromichalis (ekmavr) |
Changed in nis (Ubuntu): | |
assignee: | Vangelis Mavromichalis (ekmavr) → nobody |
Changed in nis: | |
status: | Unknown → Fix Released |
tags: | added: bitesize |
no longer affects: | nis |
tags: | added: server-next |
Changed in nis (Debian): | |
status: | Unknown → Fix Released |
Changed in nis (Ubuntu): | |
assignee: | nobody → ChristianEhrhardt (paelzer) |
status: | Confirmed → In Progress |
description: | updated |
Changed in nis (Ubuntu Trusty): | |
assignee: | nobody → ChristianEhrhardt (paelzer) |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
I should add, I've purged and reinstalled/ reconfigured package "nis" on both the server(s) and clients a number of times but still get the same behavior.