[Bug 1204530] Re: yppasswd results in a segmentation fault when run on clients or server

Robie Basak 1204530 at bugs.launchpad.net
Mon Jun 27 13:52:08 UTC 2016 

Uploaded. Thanks!

** Changed in: nis (Ubuntu Trusty)
       Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1204530

Title:
  yppasswd results in a segmentation fault when run on clients or server

Status in nis package in Ubuntu:
  Fix Released
Status in nis source package in Trusty:
  In Progress
Status in nis package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The bug is a segfault on yppasswd rendering users unable to change their passwords
   * justification for the SRU is the continued request by users and the fact that it is a very minimal change
   * the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized

  [Test Case]
   * install nis
   * Config in /etc/default/nis: NISSERVER=master
   * Config in /etc/yp.conf: ypserver 127.0.0.1
   * Initialize with
       $ sudo /usr/lib/yp/ypinit -m
       $ restart rpcbind
   * Test if your config works
       $ ypcat passwd
       should show something like
       ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
   * Trigger the bug
       $ yppasswd -p ubuntu
       Changing NIS account information for ubuntu on wily.localdomain.
       Please enter root password:
       Changing NIS password for ubuntu on wily.localdomain.
       Please enter new password:
       Segmentation fault (core dumped)

  [Regression Potential]

   * While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
   * The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local

  [Other Info]
   * I really would like to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.

  Sample output from a client (output is identical if run on the
  server):

  $ yppasswd
  Changing NIS account information for <user> on <server>.
  Please enter old password:
  Changing NIS password for <user> on <server>.
  Please enter new password:
  Segmentation fault (core dumped)
  $

  This setup worked fine with the 12.04 LTS release. I've purged package
  nis a number of times and reinstalled and still get the same behavior.
  I've also removed a slave server from the network and reconfigured nis
  and still get the same behavior.

  I thought about listing this as a security vulnerability since the
  users cannot change their passwords.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: nis 3.17-32ubuntu5
  ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
  Uname: Linux 3.8.0-26-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8.1
  Architecture: amd64
  Date: Wed Jul 24 09:07:09 2013
  InstallationDate: Installed on 2010-05-24 (1156 days ago)
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
  MarkForUpload: True
  SourcePackage: nis
  UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+subscriptions

More information about the Ubuntu-sponsors mailing list