Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
On Fri, Apr 23, 2004 at 09:30:50AM +0900, GOTO Masanori wrote:
> At Fri, 23 Apr 2004 01:11:15 +0200,
> BUCHMULLER Norbert wrote:
> > > Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's
> > It _is_.
> I didn't know this bug before...
> Debian security team, could you look at it?
Yes, this is not a new bug...however I do not consider it to have genuine
security impact. In order to be triggered, a user must be a member of an
unusually large number of groups (not under user's control), and in order to
be exploited, the group names (not under user's control) would need to be
So the only attack vector I see is "user can cause some programs to crash by
asking the sysadmin to add him to a large number of groups".
This bug has been seen to cause problems with, e.g., samba in real-world
situations, though, so it might be worth fixing in an upload to