** Description changed:
+ [Impact]
+
+ * The bug is a segfault on yppasswd rendering users unable to change their
passwords
+ * justification for the SRU is the continued request by users and the fact
that it is a very minimal change
+ * the fix ensures that a lib accessing data unconditionally only gets called
if the values are properly initialized
+
+ [Test Case]
+ * install nis
+ * Config in /etc/default/nis: NISSERVER=master
+ * Config in /etc/yp.conf: ypserver 127.0.0.1
+ * Initialize with
+ $ sudo /usr/lib/yp/ypinit -m
+ $ restart rpcbind
+ * Test if your config works
+ $ ypcat passwd
+ should show something like
+ ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
+ * Trigger the bug
+ $ yppasswd -p ubuntu
+ Changing NIS account information for ubuntu on wily.localdomain.
+ Please enter root password:
+ Changing NIS password for ubuntu on wily.localdomain.
+ Please enter new password:
+ Segmentation fault (core dumped)
+
+ [Regression Potential]
+
+ * While it is assumed to not regress, if it does it is affected to break
yppasswd even more (and while more than a segfault is hard to imagine I mean it
might even break for those people that today got around it by some complex and
weird workarounds.)
+ * The code is only local to the tool yppasswd and it is not part of a lib or
so, so the impact - if any - should stay local
+
+ [Other Info]
+
+ * I really want to encourage the users reporting it being important to them
testing it once in proposed to have more than just my tests.
+ * I wanted to nominate to be able to keep tracking Wily as Fix Released and
Trusty as pending but that doesn't seem to work.
+ It would be great if the Sponsor with the proper permissions could also set
the proper "Affects" status for those two releases
+
+
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
-
- This setup worked fine with the 12.04 LTS release. I've purged package nis a
number of times and reinstalled and still get the same behavior. I've also
removed a slave server from the network and reconfigured nis and still get the
same behavior.
+ This setup worked fine with the 12.04 LTS release. I've purged package
+ nis a number of times and reinstalled and still get the same behavior.
+ I've also removed a slave server from the network and reconfigured nis
+ and still get the same behavior.
I thought about listing this as a security vulnerability since the users
cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago)
** Changed in: nis (Ubuntu Trusty)
Assignee: (unassigned) => ChristianEhrhardt (paelzer)
** Changed in: nis (Ubuntu Trusty)
Status: New => Triaged
** Changed in: nis (Ubuntu Trusty)
Importance: Undecided => High
** Description changed:
[Impact]
- * The bug is a segfault on yppasswd rendering users unable to change their
passwords
- * justification for the SRU is the continued request by users and the fact
that it is a very minimal change
- * the fix ensures that a lib accessing data unconditionally only gets called
if the values are properly initialized
+ * The bug is a segfault on yppasswd rendering users unable to change their
passwords
+ * justification for the SRU is the continued request by users and the fact
that it is a very minimal change
+ * the fix ensures that a lib accessing data unconditionally only gets called
if the values are properly initialized
[Test Case]
- * install nis
- * Config in /etc/default/nis: NISSERVER=master
- * Config in /etc/yp.conf: ypserver 127.0.0.1
- * Initialize with
- $ sudo /usr/lib/yp/ypinit -m
- $ restart rpcbind
- * Test if your config works
- $ ypcat passwd
- should show something like
- ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
- * Trigger the bug
- $ yppasswd -p ubuntu
- Changing NIS account information for ubuntu on wily.localdomain.
- Please enter root password:
- Changing NIS password for ubuntu on wily.localdomain.
- Please enter new password:
- Segmentation fault (core dumped)
+ * install nis
+ * Config in /etc/default/nis: NISSERVER=master
+ * Config in /etc/yp.conf: ypserver 127.0.0.1
+ * Initialize with
+ $ sudo /usr/lib/yp/ypinit -m
+ $ restart rpcbind
+ * Test if your config works
+ $ ypcat passwd
+ should show something like
+ ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
+ * Trigger the bug
+ $ yppasswd -p ubuntu
+ Changing NIS account information for ubuntu on wily.localdomain.
+ Please enter root password:
+ Changing NIS password for ubuntu on wily.localdomain.
+ Please enter new password:
+ Segmentation fault (core dumped)
[Regression Potential]
- * While it is assumed to not regress, if it does it is affected to break
yppasswd even more (and while more than a segfault is hard to imagine I mean it
might even break for those people that today got around it by some complex and
weird workarounds.)
- * The code is only local to the tool yppasswd and it is not part of a lib or
so, so the impact - if any - should stay local
+ * While it is assumed to not regress, if it does it is affected to break
yppasswd even more (and while more than a segfault is hard to imagine I mean it
might even break for those people that today got around it by some complex and
weird workarounds.)
+ * The code is only local to the tool yppasswd and it is not part of a lib or
so, so the impact - if any - should stay local
[Other Info]
-
- * I really want to encourage the users reporting it being important to them
testing it once in proposed to have more than just my tests.
- * I wanted to nominate to be able to keep tracking Wily as Fix Released and
Trusty as pending but that doesn't seem to work.
- It would be great if the Sponsor with the proper permissions could also set
the proper "Affects" status for those two releases
-
+ * I really would like to encourage the users reporting it being important to
them testing it once in proposed to have more than just my tests.
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package
nis a number of times and reinstalled and still get the same behavior.
I've also removed a slave server from the network and reconfigured nis
and still get the same behavior.
I thought about listing this as a security vulnerability since the users
cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago)
** Patch added: "SRU Debdiff for Trusty"
https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+attachment/4689136/+files/bug-1204530-SRU-nis_3.17-32ubuntu6-to-nis_3.17-32ubuntu6.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1204530
Title:
yppasswd results in a segmentation fault when run on clients or server
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
