Bug 155187 - CVE-2007-5794 nss_ldap randomly replying with wrong user's data [rhel-4.7]
CVE-2007-5794 nss_ldap randomly replying with wrong user's data [rhel-4.7]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nss_ldap (Show other bugs)
4.0
All Linux
high Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
impact=low,source=redhat,reported=200...
: OtherQA, Security
: 243715 (view as bug list)
Depends On:
Blocks: 201333 252337 CVE-2007-5794
  Show dependency treegraph
 
Reported: 2005-04-17 17:00 EDT by Josh Bressers
Modified: 2015-01-07 19:09 EST (History)
9 users (show)

See Also:
Fixed In Version: RHSA-2008-0715
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-24 15:55:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-04-17 17:00:45 EDT
+++ This bug was initially created as a clone of Bug #154314 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6)
Gecko/20050225 Firefox/1.0.1

Description of problem:
Second time already when I hear nss_ldap is replying with wrong results and
causing peoples' mails to be shown to wrong people:

http://www.dovecot.org/list/dovecot/2005-March/006345.html
http://www.dovecot.org/list/dovecot/2005-April/006859.html

Something should really be done about this. At the very least I'm adding a check
to make sure getpwnam() returns the same user name that is being requested, and
if not put out some huge warnings about something being broken..

Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
Install Dovecot with nss_pam enabled. Try logging in enough times with different
users and see how at some point it shows you wrong user's mailbox.


Additional info:
Comment 1 Peter Svensson 2006-04-15 06:32:07 EDT
Can this be related to nss_ldap sometimes not closing the filedescriptors across
forks as it is supposed to do? That can cause all sorts of strange errors in the
returned data used by forking daemons. Sendmail suffers quite a bit from this.
Comment 14 RHEL Product and Program Management 2007-05-09 07:23:43 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 15 Jose Plans 2007-06-11 11:26:24 EDT
*** Bug 243715 has been marked as a duplicate of this bug. ***
Comment 23 Tomas Janousek 2007-12-20 11:27:11 EST
Just realized I've never posted this link:

The last and most reliable reproducer I have for this:
http://people.redhat.com/tjanouse/dovecot/154314/ldaptest2.c
Comment 30 Chris Ward 2008-06-16 04:42:52 EDT
~~~~~~~~~~~~~~
~ Attention: ~ Immediate attention required for this ***High Priority*** bug.
~~~~~~~~~~~~~~

A fix for this issue should be included in the latest packages contained in
**RHEL4.7-Snapshot2**, accessible now on http://partners.redhat.com.

After you (Red Hat Partner) have verified that this issue has been addressed,
submit a comment describing the results of your test in appropriate detail,    
 along with which snapshot and package version tested. The bugzilla will be
updated by Red Hat Quality Engineering for you when this information has been  
    received.

If this issue has not been properly fixed or you are unable to verify the issue
for any reason, please add a comment describing the most recent issues you are
experiencing, along with which snapshot and package version tested. If you are
sure the bug has not been fixed, change the status of the bug to ASSIGNED.

For IssueTracker users, submit verification results as usual; Bugzilla will be
updated by Red Hat Quality Engineering for you.

For additional information, contact your Partner Manager.

Thank you,
Red Hat QE Partner Management
Comment 34 RHEL Product and Program Management 2008-06-16 05:21:15 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 36 RHEL Product and Program Management 2008-06-18 11:49:41 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 38 errata-xmlrpc 2008-07-24 15:55:29 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0715.html
Comment 42 Chris Ward 2008-07-29 03:27:00 EDT
Partners, I would like to thank you all for your participation in assuring the
quality of this RHEL 4.7 Update Release. My hat's off to you all. Thanks.

Note You need to log in before you can comment on or make changes to this bug.