
Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())



At Thu, 22 Apr 2004 17:58:58 -0700,
Matt Zimmerman wrote:
> > At Fri, 23 Apr 2004 01:11:15 +0200,
> > BUCHMULLER Norbert wrote:
> > > > Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's
> > > 
> > > It _is_.
> > 
> > I didn't know this bug before...
> > Debian security team, could you look at it?
> 
> Yes, this is not a new bug...however I do not consider it to have genuine
> security impact.  In order to be triggered, a user must be a member of an
> unusually large number of groups (not under user's control), and in order to
> be exploited, the group names (not under user's control) would need to be
> manipulated.
> 
> So the only attack vector I see is "user can cause some programs to crash by
> asking the sysadmin to add him to a large number of groups".

Thanks for your explanation.  

> This bug has been seen to cause problems with, e.g., samba in real-world
> situations, though, so it might be worth fixing in an upload to
> proposed-updates.

Unfortunately we have missed proposed-updates for glibc in
woody.  It's fixed in the coming release, sarge...

Regards,
-- gotom
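As an added example (not part of this bug report, nor glibc's or Debian's own code): the caller-side idiom for getgrouplist() that never trusts a fixed-size array. It assumes a glibc-style libc that returns -1 and stores the required count in *ngroups when the array is too small (as the man page documents) and falls back to doubling the buffer otherwise; the default user name "root" and base gid 0 are assumptions for the stand-alone run. Note that this idiom only keeps a correct caller from passing an undersized buffer; it cannot help if libc itself overruns that buffer, which is what the fixed glibc addresses.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* make getgrouplist() visible in <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Collect every group `user` belongs to, starting with `base_gid`.
 * getgrouplist() returns -1 when the caller's array is too small; glibc
 * then stores the required count in *ngroups. This caller grows the
 * buffer and retries until the call fits, so a user in an unusually large
 * number of groups never exceeds what the caller handed in.
 * On success returns the group count and hands the malloc'd array back
 * via *out (caller frees it); returns -1 on allocation failure. */
int groups_for_user(const char *user, gid_t base_gid, gid_t **out)
{
    int capacity = 1;        /* deliberately tiny so the retry path is exercised */
    gid_t *buf = NULL;

    for (;;) {
        gid_t *tmp = realloc(buf, (size_t)capacity * sizeof *tmp);
        if (tmp == NULL) {
            free(buf);
            return -1;
        }
        buf = tmp;

        int n = capacity;
        if (getgrouplist(user, base_gid, buf, &n) != -1) {
            *out = buf;
            return n;        /* n is the number of entries actually filled */
        }
        /* Too small. glibc reports the needed size in n; if a libc leaves
         * it unchanged, fall back to doubling (assumption: a sane libc). */
        capacity = (n > capacity) ? n : capacity * 2;
    }
}

/* True if gid `g` appears among the first `n` entries of `list`. */
int has_gid(const gid_t *list, int n, gid_t g)
{
    for (int i = 0; i < n; i++)
        if (list[i] == g)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";          /* assumed default */
    gid_t base = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : 0;
    gid_t *groups = NULL;

    int n = groups_for_user(user, base, &groups);
    if (n < 0) {
        perror("groups_for_user");
        return 1;
    }
    printf("%s is in %d group(s):", user, n);
    for (int i = 0; i < n; i++)
        printf(" %lu", (unsigned long)groups[i]);
    putchar('\n');
    free(groups);
    return 0;
}
```

Run it as `./a.out someuser 1000` to list that user's groups; the base gid is always included in the result, so the smallest answer is a single entry.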


