Red Hat Bugzilla – Bug 447881
nss_ldap security update breaks bash
Last modified: 2008-05-28 18:09:48 EDT
Description of problem: Child processes of bash have problems talking to the LDAP server. strace of a process shows that it attempts to reconnect to the LDAP server and fails. However, a strace of a process doing the same after downgrading does not show communication with the LDAP server at all. Version-Release number of selected component (if applicable): nss_ldap-253-12.el5 How reproducible: 100% Steps to Reproduce: 1. Log in as a user (not root) on a system using nss_ldap on a 32bit system 2. A=`echo hello`; echo $A Actual results: Blank output Expected results: hello Additional info: Downgrading to nss_ldap-253-5.el5 fixes the problem
I can confirm this after upgrading to nss_ldap-253-12.el5. It also appears that running nscd will work around the problem until the issue is resolved.
In our environment, running nscd will allow for logins, but does not allow for su.
I'm having similar issues. After upgrading to RHEL 5.2, ordinary users can no longer log in (X or console), although authentication seems to succeed. A look at /var/log/secure shows the session open, then immediately close. Logging in remotely via ssh produces an interactive session, but almost any shell command I try (tcsh in this case) results in a "Broken pipe" error message. Clients are configured to use ldaps to connect to the directory server. Downgrading the configuration to use plain ldap fixes the problem. Downgrading to nss_ldap-253-5.el5 also fixes the problem.
*** This bug has been marked as a duplicate of 448014 ***