glibc: getgrouplist buffer overflow vulnerability

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200311-06 / glibc
Release Date: November 22, 2003
Latest Revision: November 22, 2003: 01
Impact: normal
Exploitable: local

Package: sys-libs/glibc
Vulnerable versions: <= 2.2.4
Unaffected versions: >= 2.2.5
Architecture(s): All supported architectures

Related bugreports: #33383

Synopsis

glibc contains a buffer overflow in the getgrouplist function.

2.  Impact Information

Background

glibc is the GNU C library.

Description

A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application.

Impact

Applications that use getgrouplist can crash.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users update their systems as follows:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv '>=sys-libs/glibc-2.2.5'
# emerge '>=sys-libs/glibc-2.2.5'
# emerge clean

4.  References



Page updated November 22, 2003

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Copyright 2001-2013 Gentoo Foundation, Inc.