Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
At Thu, 22 Apr 2004 17:58:58 -0700,
Matt Zimmerman wrote:
> > At Fri, 23 Apr 2004 01:11:15 +0200,
> > BUCHMULLER Norbert wrote:
> > > > Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's
> > >
> > > It _is_.
> >
> > I didn't know this bug before...
> > Debian security team, could you look at it?
>
> Yes, this is not a new bug...however I do not consider it to have genuine
> security impact. In order to be triggered, a user must be a member of an
> unusually large number of groups (not under user's control), and in order to
> be exploited, the group names (not under user's control) would need to be
> manipulated.
>
> So the only attack vector I see is "user can cause some programs to crash by
> asking the sysadmin to add him to a large number of groups".
Thanks for your explanation.
> This bug has been seen to cause problems with, e.g., samba in real-world
> situations, though, so it might be worth fixing in an upload to
> proposed-updates.
Unfortunately we have missed proposed-updates for glibc in
woody. It's fixed in the coming release, sarge...
Regards,
-- gotom
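The crash discussed in this thread sits inside glibc's getgrouplist() when a user belongs to an unusually large number of groups. The fix itself was on the library side, but the part a caller controls is honouring the function's documented contract: when the supplied buffer is too small, getgrouplist() returns -1 and stores the required count in *ngroups, and the caller must grow the buffer and retry rather than assume a fixed limit. The following program is an added example (not code from this bug report or from glibc) that implements that retry loop against a current, fixed glibc; the user name and gid used in the self-check are constructed values and are not on the page.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Retrieve the complete supplementary group list for `user`, whose primary
 * group is `base`, growing the buffer until getgrouplist() reports that the
 * result fits.  On success stores a malloc'd array in *out (caller frees) and
 * returns the number of gids in it; returns -1 if memory allocation fails.
 *
 * Contract relied on: getgrouplist() returns -1 and writes the required
 * count to *ngroups when the buffer it was given is too small. */
int groups_for_user(const char *user, gid_t base, gid_t **out)
{
    int capacity = 4;                 /* deliberately small to exercise the retry path */
    gid_t *buf = malloc((size_t)capacity * sizeof *buf);
    if (!buf)
        return -1;

    for (;;) {
        int ngroups = capacity;       /* in: buffer size; out: count needed or written */
        int rc = getgrouplist(user, base, buf, &ngroups);
        if (rc >= 0) {                /* rc is the number of gids written to buf */
            *out = buf;
            return rc;
        }
        /* Too small: ngroups now holds the count the library needs.  Add slack
         * so a membership change between probe and fill still fits. */
        capacity = ngroups + 8;
        gid_t *nbuf = realloc(buf, (size_t)capacity * sizeof *buf);
        if (!nbuf) {
            free(buf);
            return -1;
        }
        buf = nbuf;
    }
}

/* Stand-alone demonstration: list the groups of the invoking user. */
int main(void)
{
    struct passwd *pw = getpwuid(getuid());
    if (!pw) {
        fprintf(stderr, "no passwd entry for uid %u\n", (unsigned)getuid());
        return 1;
    }
    gid_t *groups = NULL;
    int n = groups_for_user(pw->pw_name, pw->pw_gid, &groups);
    if (n < 0) {
        fprintf(stderr, "allocation failure\n");
        return 1;
    }
    printf("%s is in %d group(s):", pw->pw_name, n);
    for (int i = 0; i < n; i++)
        printf(" %u", (unsigned)groups[i]);
    printf("\n");
    free(groups);
    return 0;
}
```

For a user name that has no entry in the group database, getgrouplist() returns only the primary gid passed in, so the function yields a one-element list; for a user in more groups than the initial capacity, the -1 branch runs and the buffer is resized to the count the library reported.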