Bug 111063 - netdump starts without netdump user password
Summary: netdump starts without netdump user password
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: netdump   
(Show other bugs)
Version: 3.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Thomas Graf
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-11-26 21:24 UTC by jacob liberman
Modified: 2014-06-18 08:28 UTC (History)
1 user (show)

Fixed In Version: RHEL3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-13 20:47:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description jacob liberman 2003-11-26 21:24:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
When starting netdump on client system, you are prompted for netdump 
user password for authentification. If you press "Enter" at all 3 
prompts, netdump starts successfully.

I have validated that this is the case even of the ssh key has not 
yet been propagated to the netdump-server.

Correct me if I am wrong, but I would assume that the service should 
not start if the netdump client cannot supply the correct netdump-
server password.

Both the log and vmcore are sent to netdump-server when crash occurs 
on unauthenticated systems.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Configure netdump-server and specify netdump user passwd on netdump 
2.Configure NETDUMPADDR=<netdump-server-ip> in /etc/sysconfig/netdump
3.service netdump start
4.Press "Enter" at all 3 netdump user passwd prompts. Service should 
start successfully.

Expected Results:  I expect that the service should not start.

Additional info:

This issue may be a security issue depending on whether the clients 
can launch a DOS on netdump-server by flooding host with vmcore files 
over network.

Comment 1 Dave Anderson 2003-12-02 20:12:53 UTC
The fix has been applied to:

  netdump-0.6.11-3 for RHEL3

The netdump errata for RHEL3-U1 has been updated to include this fix. 
However, since the beta version of these errata has already been
released, the changes will not be seen until those errata have been

Note You need to log in before you can comment on or make changes to this bug.