Package: smbldap-tools
Version: 0.9.4-1
Followup-For: Bug #568259

I think this bug is more serious than "normal". 
Bad command line arguments can lead to DoS (stopping nscd.

smbldap-useradd stops nscd, then checks if username is not a duplicate,
and starts nscd only if username is syntactically ok and not a duplicate.
If username it is a dupicate, it exits before starting nscd.

This leads (at least in our case) to DoS, nobody could log in using pam_ldap,
until I started nscd manually.

I'm not sure if it should be classified as security problem, but it is serious.
IMHO this should be fixed at least in next point release of stable Debian 
(5.0.5)

Best regards
Vladislav Kurz

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ANSI_X3.4-1968) (ignored: 
LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash

Versions of packages smbldap-tools depends on:
ii  libcrypt-smbhash-perl    0.12-2          generate LM/NT hash of a password 
ii  libdigest-sha1-perl      2.11-2+b1       NIST SHA-1 message digest algorith
ii  libio-socket-ssl-perl    1.16-1+lenny1   Perl module implementing object or
ii  libnet-ldap-perl         1:0.36-1        A Client interface to LDAP servers
ii  libunicode-maputf8-perl  1.11-2          Perl module for conversing between
ii  perl                     5.10.0-19lenny2 Larry Wall's Practical Extraction 

smbldap-tools recommends no packages.

smbldap-tools suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to