Package: smbldap-tools Version: 0.9.4-1 Followup-For: Bug #568259
I think this bug is more serious than "normal". Bad command line arguments can lead to DoS (stopping nscd. smbldap-useradd stops nscd, then checks if username is not a duplicate, and starts nscd only if username is syntactically ok and not a duplicate. If username it is a dupicate, it exits before starting nscd. This leads (at least in our case) to DoS, nobody could log in using pam_ldap, until I started nscd manually. I'm not sure if it should be classified as security problem, but it is serious. IMHO this should be fixed at least in next point release of stable Debian (5.0.5) Best regards Vladislav Kurz -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686-bigmem (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/bash Versions of packages smbldap-tools depends on: ii libcrypt-smbhash-perl 0.12-2 generate LM/NT hash of a password ii libdigest-sha1-perl 2.11-2+b1 NIST SHA-1 message digest algorith ii libio-socket-ssl-perl 1.16-1+lenny1 Perl module implementing object or ii libnet-ldap-perl 1:0.36-1 A Client interface to LDAP servers ii libunicode-maputf8-perl 1.11-2 Perl module for conversing between ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction smbldap-tools recommends no packages. smbldap-tools suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

