Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())

To: GOTO Masanori <gotom@debian.or.jp>, 245029@bugs.debian.org
Cc: BUCHMULLER Norbert <norbi.spam@nix.hu>, security@debian.org
Subject: Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
From: Matt Zimmerman <mdz@debian.org>
Date: Thu, 22 Apr 2004 17:58:58 -0700
Message-id: <[🔎] 20040423005858.GT31523@alcor.net>
Mail-followup-to: GOTO Masanori <gotom@debian.or.jp>, 245029@bugs.debian.org, BUCHMULLER Norbert <norbi.spam@nix.hu>, security@debian.org
Reply-to: Matt Zimmerman <mdz@debian.org>, 245029@bugs.debian.org
In-reply-to: <[🔎] 81ekqfcz7p.wl@omega.webmasters.gr.jp>
References: <[🔎] 20040421055047.6eb3e3f9.norbi.spam@nix.hu> <handler.245029.B.108251945228400.ack@bugs.debian.org> <[🔎] 20040421124758.4c923ba0.norbi.spam@nix.hu> <[🔎] 20040423011115.6cae2fde.norbi.spam@nix.hu> <[🔎] 81ekqfcz7p.wl@omega.webmasters.gr.jp>

On Fri, Apr 23, 2004 at 09:30:50AM +0900, GOTO Masanori wrote:

> At Fri, 23 Apr 2004 01:11:15 +0200,
> BUCHMULLER Norbert wrote:
> > > Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's
> > 
> > It _is_.
> 
> I didn't know this bug before...
> Debian security team, could you look at it?

Yes, this is not a new bug...however I do not consider it to have genuine
security impact.  In order to be triggered, a user must be a member of an
unusually large number of groups (not under user's control), and in order to
be exploited, the group names (not under user's control) would need to be
manipulated.

So the only attack vector I see is "user can cause some programs to crash by
asking the sysadmin to add him to a large number of groups".

This bug has been seen to cause problems with, e.g., samba in real-world
situations, though, so it might be worth fixing in an upload to
proposed-updates.

-- 
 - mdz

Reply to:

Follow-Ups:
- Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
  - From: GOTO Masanori <gotom@debian.or.jp>

References:
- Bug#245029: libc6: SIGSEGV in getgrouplist()/getpwnam()
  - From: BUCHMULLER Norbert <norbi.spam@nix.hu>
- Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
  - From: BUCHMULLER Norbert <norbi.spam@nix.hu>
- Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
  - From: BUCHMULLER Norbert <norbi.spam@nix.hu>
- Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
  - From: GOTO Masanori <gotom@debian.or.jp>

Prev by Date: Bug#245337: Processed: Re: Bug#245337 acknowledged by developer (Re: Bug#245337: locales package does not seem to obay Debconf configuration)
Next by Date: Bug#245337: Processed: Re: Bug#245337 acknowledged by developer (Re: Bug#245337: locales package does not seem to obay Debconf configuration)
Previous by thread: Processed: Re: Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
Next by thread: Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
Index(es):
- Date
- Thread