[Bug 1204530] [NEW] yppasswd results in a segmentation fault when run on clients or server

Launchpad Bug Tracker 1204530 at bugs.launchpad.net
Thu Jun 23 14:34:52 UTC 2016 

You have been subscribed to a public bug by ChristianEhrhardt (paelzer):

[Impact]

 * The bug is a segfault on yppasswd rendering users unable to change their passwords
 * justification for the SRU is the continued request by users and the fact that it is a very minimal change
 * the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized

[Test Case]
 * install nis
 * Config in /etc/default/nis: NISSERVER=master
 * Config in /etc/yp.conf: ypserver 127.0.0.1
 * Initialize with
     $ sudo /usr/lib/yp/ypinit -m
     $ restart rpcbind
 * Test if your config works
     $ ypcat passwd
     should show something like
     ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
 * Trigger the bug
     $ yppasswd -p ubuntu
     Changing NIS account information for ubuntu on wily.localdomain.
     Please enter root password:
     Changing NIS password for ubuntu on wily.localdomain.
     Please enter new password:
     Segmentation fault (core dumped)

[Regression Potential]

 * While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
 * The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local

[Other Info]
 * I really would like to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.

Sample output from a client (output is identical if run on the server):

$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$

This setup worked fine with the 12.04 LTS release. I've purged package
nis a number of times and reinstalled and still get the same behavior.
I've also removed a slave server from the network and reconfigured nis
and still get the same behavior.

I thought about listing this as a security vulnerability since the users
cannot change their passwords.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago)

** Affects: nis (Ubuntu)
     Importance: High
     Assignee: ChristianEhrhardt (paelzer)
         Status: Fix Released

** Affects: nis (Ubuntu Trusty)
     Importance: High
     Assignee: ChristianEhrhardt (paelzer)
         Status: Triaged

** Affects: nis (Debian)
     Importance: Unknown
         Status: Fix Released


** Tags: amd64 apport-bug bitesize raring server-next
-- 
yppasswd results in a segmentation fault when run on clients or server
https://bugs.launchpad.net/bugs/1204530
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list