Bug 111063 - netdump starts without netdump user password
netdump starts without netdump user password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: netdump (Show other bugs)
3.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Graf
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-26 16:24 EST by jacob liberman
Modified: 2014-06-18 04:28 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHEL3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-13 16:47:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description jacob liberman 2003-11-26 16:24:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
When starting netdump on client system, you are prompted for netdump 
user password for authentification. If you press "Enter" at all 3 
prompts, netdump starts successfully.

I have validated that this is the case even of the ssh key has not 
yet been propagated to the netdump-server.

Correct me if I am wrong, but I would assume that the service should 
not start if the netdump client cannot supply the correct netdump-
server password.

Both the log and vmcore are sent to netdump-server when crash occurs 
on unauthenticated systems.

Version-Release number of selected component (if applicable):
netdump-0.6.10-2

How reproducible:
Always

Steps to Reproduce:
1.Configure netdump-server and specify netdump user passwd on netdump 
server.
2.Configure NETDUMPADDR=<netdump-server-ip> in /etc/sysconfig/netdump
3.service netdump start
4.Press "Enter" at all 3 netdump user passwd prompts. Service should 
start successfully.
    

Expected Results:  I expect that the service should not start.

Additional info:

This issue may be a security issue depending on whether the clients 
can launch a DOS on netdump-server by flooding host with vmcore files 
over network.
Comment 1 Dave Anderson 2003-12-02 15:12:53 EST
The fix has been applied to:

  netdump-0.6.11-3 for RHEL3

The netdump errata for RHEL3-U1 has been updated to include this fix. 
However, since the beta version of these errata has already been
released, the changes will not be seen until those errata have been
updated.

Note You need to log in before you can comment on or make changes to this bug.