
Glibc getgrouplist Function Buffer Overflow Vulnerability


Published: 2003-08-23
Updated: 2003-08-23
Severity:
Threat level: Privilege escalation
Error type: Boundary check error
Exploit method: Server mode

BUGTRAQ ID:8477
CVE(CAN) ID:CAN-2003-0689

Affected systems
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
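Description
The glibc getgrouplist function has a buffer overflow problem. If the number of groups a user belongs to exceeds the size specified for the group list, a buffer overflow occurs when an application calls this function.

No further details are currently available.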
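
The size contract that getgrouplist is documented to honor, as an added example that is not part of the advisory or of glibc: the caller passes the capacity in `*ngroups`, and a correctly bounded library returns -1 with the required count instead of writing past the buffer. The helper names `load_groups` and `has_gid` are hypothetical; this calling pattern does not protect against an unpatched library, which is fixed only by the glibc update packages listed in this advisory.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: returns a malloc'd group list for `user` and stores
 * its length in *count, or returns NULL on failure. Caller frees the list. */
gid_t *load_groups(const char *user, gid_t base, int initial_cap, int *count)
{
    int cap = initial_cap > 0 ? initial_cap : 1;
    gid_t *list = malloc((size_t)cap * sizeof *list);
    if (list == NULL)
        return NULL;
    for (int attempt = 0; attempt < 4; attempt++) {
        int n = cap;                 /* in: capacity, out: groups found */
        if (getgrouplist(user, base, list, &n) != -1) {
            *count = n;              /* everything fit inside the buffer */
            return list;
        }
        /* -1 means the buffer was too small; n now holds the needed size. */
        if (n <= cap)
            n = cap * 2;             /* make sure the retry always grows */
        gid_t *bigger = realloc(list, (size_t)n * sizeof *bigger);
        if (bigger == NULL) {
            free(list);
            return NULL;
        }
        list = bigger;
        cap = n;
    }
    free(list);                      /* membership kept changing; give up */
    return NULL;
}

/* Hypothetical helper: 1 if gid is in the list, else 0. */
int has_gid(const gid_t *list, int count, gid_t gid)
{
    for (int i = 0; i < count; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

int main(void)
{
    int count = 0;
    gid_t *groups = load_groups("root", (gid_t)0, 1, &count); /* sample input */
    printf("root: %d group(s)\n", groups ? count : -1);
    free(groups);
    return 0;
}
```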

Test code
None yet

Solution
Patch download:

Red Hat Enterprise Linux AS (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
glibc-2.2.4-32.8.src.rpm     779b9371ed6f3df44413d43439aedcdb
  
i386:
glibc-2.2.4-32.8.i386.rpm     a45f96f4d14dc6a7411699dae7929c2b
glibc-common-2.2.4-32.8.i386.rpm     4307ee9036a34fc75ac369b54560e8b8
glibc-devel-2.2.4-32.8.i386.rpm     d2a171dc3f0e406acb3089edc70add67
glibc-profile-2.2.4-32.8.i386.rpm     ed1d806491ef9bc28f435a7e6c8c8392
nscd-2.2.4-32.8.i386.rpm     7ada51ed827ebc1091f05c83186f0597
  
i686:
glibc-2.2.4-32.8.i686.rpm     ef0c8b62114ffdde63dafd6253c7e9d1
  
ia64:
glibc-2.2.4-32.8.ia64.rpm     3001471f06cdeb6dbe12a2dca31401a5
glibc-common-2.2.4-32.8.ia64.rpm     55f60657c2b2f320e2393f6441de56a2
glibc-devel-2.2.4-32.8.ia64.rpm     6e359bee323035b993214b6bfb89e903
glibc-profile-2.2.4-32.8.ia64.rpm     b17a6bdc87d729cd39b767694cdb8a26
nscd-2.2.4-32.8.ia64.rpm     74d03cd22fe036b2f181d3f6528b97fa
  
Red Hat Enterprise Linux ES (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
glibc-2.2.4-32.8.src.rpm     779b9371ed6f3df44413d43439aedcdb
  
i386:
glibc-2.2.4-32.8.i386.rpm     a45f96f4d14dc6a7411699dae7929c2b
glibc-common-2.2.4-32.8.i386.rpm     4307ee9036a34fc75ac369b54560e8b8
glibc-devel-2.2.4-32.8.i386.rpm     d2a171dc3f0e406acb3089edc70add67
glibc-profile-2.2.4-32.8.i386.rpm     ed1d806491ef9bc28f435a7e6c8c8392
nscd-2.2.4-32.8.i386.rpm     7ada51ed827ebc1091f05c83186f0597
  
i686:
glibc-2.2.4-32.8.i686.rpm     ef0c8b62114ffdde63dafd6253c7e9d1
  
Red Hat Enterprise Linux WS (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
glibc-2.2.4-32.8.src.rpm     779b9371ed6f3df44413d43439aedcdb
  
i386:
glibc-2.2.4-32.8.i386.rpm     a45f96f4d14dc6a7411699dae7929c2b
glibc-common-2.2.4-32.8.i386.rpm     4307ee9036a34fc75ac369b54560e8b8
glibc-devel-2.2.4-32.8.i386.rpm     d2a171dc3f0e406acb3089edc70add67
glibc-profile-2.2.4-32.8.i386.rpm     ed1d806491ef9bc28f435a7e6c8c8392
nscd-2.2.4-32.8.i386.rpm     7ada51ed827ebc1091f05c83186f0597
  
i686:
glibc-2.2.4-32.8.i686.rpm     ef0c8b62114ffdde63dafd6253c7e9d1
  
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

--------------------------------------------------------------------------------

SRPMS:
glibc-2.2.4-32.8.src.rpm     779b9371ed6f3df44413d43439aedcdb
  
ia64:
glibc-2.2.4-32.8.ia64.rpm     3001471f06cdeb6dbe12a2dca31401a5
glibc-common-2.2.4-32.8.ia64.rpm     55f60657c2b2f320e2393f6441de56a2
glibc-devel-2.2.4-32.8.ia64.rpm     6e359bee323035b993214b6bfb89e903
glibc-profile-2.2.4-32.8.ia64.rpm     b17a6bdc87d729cd39b767694cdb8a26
nscd-2.2.4-32.8.ia64.rpm     74d03cd22fe036b2f181d3f6528b97fa
  
http://rhn.redhat.com/

Related information
Reference: http://rhn.redhat.com/errata/RHSA-2003-249.html