Red Hat Bugzilla – Bug 111063
netdump starts without netdump user password
Last modified: 2014-06-18 04:28:32 EDT
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Description of problem: When starting netdump on client system, you are prompted for netdump user password for authentification. If you press "Enter" at all 3 prompts, netdump starts successfully. I have validated that this is the case even of the ssh key has not yet been propagated to the netdump-server. Correct me if I am wrong, but I would assume that the service should not start if the netdump client cannot supply the correct netdump- server password. Both the log and vmcore are sent to netdump-server when crash occurs on unauthenticated systems. Version-Release number of selected component (if applicable): netdump-0.6.10-2 How reproducible: Always Steps to Reproduce: 1.Configure netdump-server and specify netdump user passwd on netdump server. 2.Configure NETDUMPADDR=<netdump-server-ip> in /etc/sysconfig/netdump 3.service netdump start 4.Press "Enter" at all 3 netdump user passwd prompts. Service should start successfully. Expected Results: I expect that the service should not start. Additional info: This issue may be a security issue depending on whether the clients can launch a DOS on netdump-server by flooding host with vmcore files over network.
The fix has been applied to: netdump-0.6.11-3 for RHEL3 The netdump errata for RHEL3-U1 has been updated to include this fix. However, since the beta version of these errata has already been released, the changes will not be seen until those errata have been updated.