Red Hat Bugzilla – Bug 111063
netdump starts without netdump user password
Last modified: 2014-06-18 04:28:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Description of problem:
When starting netdump on client system, you are prompted for netdump
user password for authentification. If you press "Enter" at all 3
prompts, netdump starts successfully.
I have validated that this is the case even of the ssh key has not
yet been propagated to the netdump-server.
Correct me if I am wrong, but I would assume that the service should
not start if the netdump client cannot supply the correct netdump-
Both the log and vmcore are sent to netdump-server when crash occurs
on unauthenticated systems.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Configure netdump-server and specify netdump user passwd on netdump
2.Configure NETDUMPADDR=<netdump-server-ip> in /etc/sysconfig/netdump
3.service netdump start
4.Press "Enter" at all 3 netdump user passwd prompts. Service should
Expected Results: I expect that the service should not start.
This issue may be a security issue depending on whether the clients
can launch a DOS on netdump-server by flooding host with vmcore files
The fix has been applied to:
netdump-0.6.11-3 for RHEL3
The netdump errata for RHEL3-U1 has been updated to include this fix.
However, since the beta version of these errata has already been
released, the changes will not be seen until those errata have been