Bug#560333: marked as done (libc6: getpwnam shows shadow passwords of NIS users)

Debian Bug Tracking System Wed, 06 Jan 2010 16:25:36 -0800

Your message dated Thu, 07 Jan 2010 00:19:04 +0000
with message-id <e1nsg5g-0000fl...@ries.debian.org>
and subject line Bug#560333: fixed in eglibc 2.10.2-4
has caused the Debian Bug report #560333,
regarding libc6: getpwnam shows shadow passwords of NIS users
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
560333: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libc6
Version: 2.7-18
Severity: normal

Hello,

I have several machines where almost all user accounts come by NIS. The NIS
server is running on a Solaris machine. As usual, the Solaris NIS server
exports the passwd data in the map "passwd" and the shadow data in the map
"passwd.adjunct.byname". These two maps are mangled together in some calls
of libc6, for example in getpwnam. This makes it possible for every user who
has an account on the NIS client machine to see the encrypted passwords of
all NIS users. This is a grave security bug.

Furthermore, getspnam returns a NULL pointer for all NIS users, even if
getspnam is called by root.

Regards
  Christoph 


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                      1:4.3.2-1.1 GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
pn  glibc-doc                     <none>     (no description available)
ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i
ii  locales                       2.7-18     GNU C Library: National Language (

-- debconf information:
  glibc/upgrade: true
  glibc/restart-failed:
* glibc/restart-services: ssh openbsd-inetd cron

--- End Message ---

--- Begin Message ---

Source: eglibc
Source-Version: 2.10.2-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.10.2-4_all.deb
  to main/e/eglibc/eglibc-source_2.10.2-4_all.deb
eglibc_2.10.2-4.diff.gz
  to main/e/eglibc/eglibc_2.10.2-4.diff.gz
eglibc_2.10.2-4.dsc
  to main/e/eglibc/eglibc_2.10.2-4.dsc
glibc-doc_2.10.2-4_all.deb
  to main/e/eglibc/glibc-doc_2.10.2-4_all.deb
libc-bin_2.10.2-4_amd64.deb
  to main/e/eglibc/libc-bin_2.10.2-4_amd64.deb
libc-dev-bin_2.10.2-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.10.2-4_amd64.deb
libc6-dbg_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.10.2-4_amd64.deb
libc6-dev-i386_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.10.2-4_amd64.deb
libc6-dev_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.10.2-4_amd64.deb
libc6-i386_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.10.2-4_amd64.deb
libc6-pic_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.10.2-4_amd64.deb
libc6-prof_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.10.2-4_amd64.deb
libc6-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.10.2-4_amd64.udeb
libc6_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6_2.10.2-4_amd64.deb
libnss-dns-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.10.2-4_amd64.udeb
libnss-files-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.10.2-4_amd64.udeb
locales-all_2.10.2-4_amd64.deb
  to main/e/eglibc/locales-all_2.10.2-4_amd64.deb
locales_2.10.2-4_all.deb
  to main/e/eglibc/locales_2.10.2-4_all.deb
nscd_2.10.2-4_amd64.deb
  to main/e/eglibc/nscd_2.10.2-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 560...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 06 Jan 2010 22:18:19 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev 
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 
libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev 
libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 
libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 
libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 
libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: all amd64 source
Version: 2.10.2-4
Distribution: unstable
Urgency: low
Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 558984 560333 563552 563636
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for 
ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Changes: 
 eglibc (2.10.2-4) unstable; urgency=low
 .
   [ Samuel Thibault ]
   * testsuite-checking/expected-results-i486-linux-gnu-libc: Add
     tst-atime.out failure.
 .
   [ Aurelien Jarno ]
   * Also build a libc6-sparcv9b package on sparc64.
   * Disable debian/patches/any/cvs-futimens.diff. Addresses: #563726,
     #563754.
   * Add debian/patches/localedata/locale-et_EE.diff to change weekday
     and workday to Monday.  Closes: #563636.
   * Add debian/patches/any/cvs-resolv-init.diff to fix mixing IPv4 and
     IPv6 name server in resolv.conf.
   * Add debian/patches/any/cvs-resolv-uninitialized.diff to fix an
     uninitialized variable in resolv code.
   * Add debian/patches/any/cvs-resolv-bindv6only.diff to not use
     IPV4-mapped addresses in the resolver code.  Closes: #563552.
   * Add debian/patches/any/cvs-resolv-edns0.diff to handle overly large
     answer buffers in resolver.
   * Add debian/patches/any/cvs-resolv-v6mapped.diff to fix lookup failure
     with IPv6 mapping enabled and big answers.  Closes: #558984.
   * Add debian/patches/any/submitted-nis-shadow.diff to remove encrypted
     passwords from passwd entries, and add them in shadow entries.
     Closes: #560333.
 .
   [ Petr Salinger]
   * kfreebsd/local-sysdeps.diff: update to revision 2907 (from glibc-bsd).
Checksums-Sha1: 
 052761468d4d86fa4fdd9ba08157def6eb9bf279 1816194 glibc-doc_2.10.2-4_all.deb
 5a9cad26b5dab23b431a6d82650ded0d1c0faf0f 10932664 
eglibc-source_2.10.2-4_all.deb
 3e2f12a6d3e6c8be9a28ffc458fe836ec0edd6c9 4751354 locales_2.10.2-4_all.deb
 4194c976a0b5298c5bc75514cb52a9c139bbcbaa 4247006 libc6_2.10.2-4_amd64.deb
 a00fc905c506b4dc8363982d265a7cf7435d491d 2547860 libc6-dev_2.10.2-4_amd64.deb
 1469a027a8d2e45907f2b4002ba98d53ab1f287b 1994288 libc6-prof_2.10.2-4_amd64.deb
 0ccf12114d7fcdd2f03db333b94bb8030756b065 1517960 libc6-pic_2.10.2-4_amd64.deb
 c8c6d7224a18ee1fed98d2ef929c1ed1c9e3cdfc 728798 libc-bin_2.10.2-4_amd64.deb
 eb2fdff824340bdd14963eb3559f3d951b7abb39 201832 libc-dev-bin_2.10.2-4_amd64.deb
 ccecb01c4f43cfc02b4977f7e11ceaf5f76285f9 3064406 locales-all_2.10.2-4_amd64.deb
 2e76592232a4c9ac9e41c3cdf9bbfda25a5c2d34 3793578 libc6-i386_2.10.2-4_amd64.deb
 f3738464705320671d15f22b2041576528badf46 1499146 
libc6-dev-i386_2.10.2-4_amd64.deb
 b07505a762a73a06423c981a4a212bfe38ebbf8d 190438 nscd_2.10.2-4_amd64.deb
 37554451ea421453f83f1adaf83cbeee4572b21d 10277258 libc6-dbg_2.10.2-4_amd64.deb
 94437fe88e21c1e3c0fc7dc284c2791f00fe964f 1133922 libc6-udeb_2.10.2-4_amd64.udeb
 bdf165710e659d8284597f7ca4ed4360d069dc7c 11232 
libnss-dns-udeb_2.10.2-4_amd64.udeb
 9f105210555ac8f85e89aae0e0a6e45aa7a603fc 19498 
libnss-files-udeb_2.10.2-4_amd64.udeb
 329110be0d3a6d3918ee8d6e2b1d717a518e26fc 2777 eglibc_2.10.2-4.dsc
 e5c08982eec8f1be821f1c6a943c8a8a92bad1f3 788632 eglibc_2.10.2-4.diff.gz
Checksums-Sha256: 
 769adaf34ded2b841cbe1c1ffe23cdf6a1dfc97b312a919f7218a232bdcbd2ec 1816194 
glibc-doc_2.10.2-4_all.deb
 91da64e65aa4ec88a936fb14ff9eae55d2e8c51461e63d0e552ee8bf302f9a5a 10932664 
eglibc-source_2.10.2-4_all.deb
 bbc08198bda16d2585800c588b19294645b0aa3c464155bcd84c89ebc1828d56 4751354 
locales_2.10.2-4_all.deb
 8fa4922bdf4ed3eb2f3cb895bd6cc46be11a1e9e4c23fa632a7faf3147325b10 4247006 
libc6_2.10.2-4_amd64.deb
 49a1b52d9a41f02ca5ade876f483dd4f4918ee6e9cb3b385c2d10563903fbecf 2547860 
libc6-dev_2.10.2-4_amd64.deb
 8c06820674fceb76d8c04b19ad4001fc194780144766bf2d9700455c8f21dc8a 1994288 
libc6-prof_2.10.2-4_amd64.deb
 72cd83efb65d3f4f6e1e005ffb646fd0604aad86aa8ca2a3037d8b081fb6c313 1517960 
libc6-pic_2.10.2-4_amd64.deb
 fdaf6b7ef44660dac795bd35bbc41a4b7676580f1038959112d7a5c113abd4c9 728798 
libc-bin_2.10.2-4_amd64.deb
 3a70479ba2655e334ad6c62b9f0a9bf41ac7ef47163c84ec1ae9d7640f7fc871 201832 
libc-dev-bin_2.10.2-4_amd64.deb
 7923b0cea8d16d0d813565b857c0cc24fe3b00fd6ed9ada17ce9f2620e0de15e 3064406 
locales-all_2.10.2-4_amd64.deb
 9fb99ab84133b7839bf650ff7144a768f74625c0e4dec7779487ae3b9fe5fbf9 3793578 
libc6-i386_2.10.2-4_amd64.deb
 199e775a6107c6c8a76030d5766abf97198ff1891bd6a471a278f906e8a137a9 1499146 
libc6-dev-i386_2.10.2-4_amd64.deb
 e4cdca881073711cacb57404e267f72e8a2cab9657c233dcfa23d87a5a589c64 190438 
nscd_2.10.2-4_amd64.deb
 b1c976df0c3467cc84691de677fb362a90e906aa253b302e848afefa835e10db 10277258 
libc6-dbg_2.10.2-4_amd64.deb
 aa48558d19fd89254b8a2772bf51e62c247a70b516a6e6f7dc467707d0914411 1133922 
libc6-udeb_2.10.2-4_amd64.udeb
 272aaa35025c53c213f90269b81e911d047ce0c3cba7e9787611814c4fdd84fa 11232 
libnss-dns-udeb_2.10.2-4_amd64.udeb
 c4bb081611fed737d143a37525d40a44d565d11cec2171b522555de5a0addece 19498 
libnss-files-udeb_2.10.2-4_amd64.udeb
 ee28950661e63278ed663950f2c6672bd8a2772e1597bb464627033c93830088 2777 
eglibc_2.10.2-4.dsc
 d7d93cc8cd621861e54292593a6f9d62df080c7402ce7c6b6205802414b94d7b 788632 
eglibc_2.10.2-4.diff.gz
Files: 
 7ccab70fbfe3769f76acb6862c9f1af3 1816194 doc optional 
glibc-doc_2.10.2-4_all.deb
 b77eb297f334ea1e011d6e7a901a8ed1 10932664 devel optional 
eglibc-source_2.10.2-4_all.deb
 23c59ae986b24083b0bf08cd8cb592bf 4751354 libs standard locales_2.10.2-4_all.deb
 90e5cdbdf138bcbf095e86f9b5111c5b 4247006 libs required libc6_2.10.2-4_amd64.deb
 3875eee2c22dfb2b729c7b629863a8db 2547860 libdevel optional 
libc6-dev_2.10.2-4_amd64.deb
 d3783576a307ff80c6d24bc89014073a 1994288 libdevel extra 
libc6-prof_2.10.2-4_amd64.deb
 56e48d9f82fe9e70ffdc63d0f56cbd73 1517960 libdevel optional 
libc6-pic_2.10.2-4_amd64.deb
 d34441e8dc14442a6af404d89de1e07a 728798 libs required 
libc-bin_2.10.2-4_amd64.deb
 caba48ec13c264f59ec59a34bc0b9fc5 201832 libdevel optional 
libc-dev-bin_2.10.2-4_amd64.deb
 1c37b9a6f2554a1c8589a062eca8a568 3064406 libs extra 
locales-all_2.10.2-4_amd64.deb
 7cc0c563857f581abbcf414954c9ceae 3793578 libs optional 
libc6-i386_2.10.2-4_amd64.deb
 fb97b8723301c27acc5de0033cf2166e 1499146 libdevel optional 
libc6-dev-i386_2.10.2-4_amd64.deb
 5ea77267d56dfdff809ef16f0c41a1ea 190438 admin optional nscd_2.10.2-4_amd64.deb
 57ae480e1192f5a1fc70c392ddeae7c9 10277258 debug extra 
libc6-dbg_2.10.2-4_amd64.deb
 3a8e7121da5b8ec1d60e0a14da82d695 1133922 debian-installer extra 
libc6-udeb_2.10.2-4_amd64.udeb
 759be2f12f50c9aab8f7985fce2677c8 11232 debian-installer extra 
libnss-dns-udeb_2.10.2-4_amd64.udeb
 67d53cdf053333f5be4cc82633c893b4 19498 debian-installer extra 
libnss-files-udeb_2.10.2-4_amd64.udeb
 ef23b3332cf867ae7a5e8a62534b17f7 2777 libs required eglibc_2.10.2-4.dsc
 04f4cc2fd73845bd628b3b770fe494c8 788632 libs required eglibc_2.10.2-4.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLRR+Ww3ao2vG823MRAh5DAKCBKHY8KHHzl1B9/RJ+nkNQ0LQmxQCePfMg
IcQrk0JgXFJl5bx0Mm+2YJE=
=JTTU
-----END PGP SIGNATURE-----

--- End Message ---

Bug#560333: marked as done (libc6: getpwnam shows shadow passwords of NIS users)

Reply via email to