Bug 121734
| Field | Value |
|---|---|
| Summary | openssl kills pam_ldap with SIGSEGV in err_cmp when authenticating against ldaps:// |
| Product | [Retired] Fedora Legacy |
| Component | nss_ldap |
| Version | fc1 |
| Hardware | i686 |
| OS | Linux |
| Status | CLOSED CANTFIX |
| Severity | medium |
| Priority | medium |
| Keywords | Security |
| Whiteboard | DEFER |
| Reporter | rob <rob.myers> |
| Assignee | Fedora Legacy Bugs <bugs> |
| CC | jbourne |
| Doc Type | Bug Fix |
| Last Closed | 2008-11-08 21:26:45 UTC |

Description
rob
2004-04-26 21:14:59 UTC
Created attachment 99703
backtrace from core dump
Same problem exists with Fedora Core 2 Test 3.

*** Bug 121923 has been marked as a duplicate of this bug. ***

Does the crash still happen with FC4 test releases?

I have not yet had a problem with FC3 or RHEL4. I have not used FC4 test but assume that it would not regress from FC3. Perhaps this bug should be moved to legacy as it could be security relevant?

You're right that it could be security relevant, however the question is which code is the culprit. I'd suppose nss_ldap or openldap because there were no significant changes which could affect this bug between FC2 and FC3 in the openssl package.

I have had this problem with FC3, but have not tried FC4-test yet. I am running RHEL4 and there have been no issues with xscreensaver in this version as yet.

This doesn't seem to be important enough to fix just on its own, so mark it DEFER.

I would like to think that a bug that possibly causes a pam module to segfault would be important enough to fix just on its own or at least rule that out... It seems fairly clear that the error and segfault happens in err.c line 904 (which is part of openssl, crypto/err/err.c) based on the backtrace. It is possible in more recent versions there is a fixed issue but if this is still happening in FC2/FC3 and older it would be wise to at least produce a security advisory that states xscreensaver and other programs which depend on SSL may crash in certain unknown cases, possibly leaving a system without basic security... Regards

FWIW, I still haven't seen this issue occur once in 6-8 months of running a number of RHEL4 machines.

Is this still a problem with the openssl released around October 30th? openssl-0.9.7a-35.2.legacy

Please note that Fedora Legacy no longer supports FC1 or FC2. Closing Fedora Legacy bugs.