Red Hat Bugzilla – Bug 447881
nss_ldap security update breaks bash
Last modified: 2008-05-28 18:09:48 EDT
Description of problem:
Child processes of bash have problems talking to the LDAP server. strace of a process shows that it
attempts to reconnect to the LDAP server and fails. However, a strace of a process doing the same after
downgrading does not show communication with the LDAP server at all.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in as a user (not root) on a system using nss_ldap on a 32-bit system
2. A=`echo hello`; echo $A
Downgrading to nss_ldap-253-5.el5 fixes the problem.
I can confirm this after upgrading to nss_ldap-253-12.el5. It also appears that
running nscd will work around the problem until the issue is resolved.
In our environment, running nscd will allow for logins, but does not allow for su.
I'm having similar issues. After upgrading to RHEL 5.2, ordinary users can no
longer log in (X or console), although authentication seems to succeed. A look
at /var/log/secure shows the session open, then immediately close. Logging in
remotely via ssh produces an interactive session, but almost any shell command I
try (tcsh in this case) results in a "Broken pipe" error message.
Clients are configured to use ldaps to connect to the directory server.
Downgrading the configuration to use plain ldap fixes the problem. Downgrading
to nss_ldap-253-5.el5 also fixes the problem.
*** This bug has been marked as a duplicate of 448014 ***