Red Hat Bugzilla – Bug 155187
CVE-2007-5794 nss_ldap randomly replying with wrong user's data [rhel-4.7]
Last modified: 2015-01-07 19:09:46 EST
+++ This bug was initially created as a clone of Bug #154314 +++
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6)
Description of problem:
Second time already when I hear nss_ldap is replying with wrong results and
causing peoples' mails to be shown to wrong people:
Something should really be done about this. At the very least I'm adding a check
to make sure getpwnam() returns the same user name that is being requested, and
if not put out some huge warnings about something being broken..
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Install Dovecot with nss_pam enabled. Try logging in enough times with different
users and see how at some point it shows you wrong user's mailbox.
Can this be related to nss_ldap sometimes not closing the filedescriptors across
forks as it is supposed to do? That can cause all sorts of strange errors in the
returned data used by forking daemons. Sendmail suffers quite a bit from this.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
*** Bug 243715 has been marked as a duplicate of this bug. ***
Just realized I've never posted this link:
The last and most reliable reproducer I have for this:
~ Attention: ~ Immediate attention required for this ***High Priority*** bug.
A fix for this issue should be included in the latest packages contained in
**RHEL4.7-Snapshot2**, accessible now on http://partners.redhat.com.
After you (Red Hat Partner) have verified that this issue has been addressed,
submit a comment describing the results of your test in appropriate detail,
along with which snapshot and package version tested. The bugzilla will be
updated by Red Hat Quality Engineering for you when this information has been
If this issue has not been properly fixed or you are unable to verify the issue
for any reason, please add a comment describing the most recent issues you are
experiencing, along with which snapshot and package version tested. If you are
sure the bug has not been fixed, change the status of the bug to ASSIGNED.
For IssueTracker users, submit verification results as usual; Bugzilla will be
updated by Red Hat Quality Engineering for you.
For additional information, contact your Partner Manager.
Red Hat QE Partner Management
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
Partners, I would like to thank you all for your participation in assuring the
quality of this RHEL 4.7 Update Release. My hat's off to you all. Thanks.