SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Glibc Vendors:   GNU [multiple authors]
(Turbolinux Issues Fix) glibc getgrouplist() Buffer Overflow May Let Remote Users Deny Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1008503
SecurityTracker URL:  http://securitytracker.com/id/1008503
CVE Reference:   CVE-2003-0689   (Links to External Site)
Date:  Dec 18 2003
Impact:   Denial of service via local system, Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.3.2
Description:   A buffer overflow vulnerability was reported in the glibc library. A remote or local user may be able to cause an affected application to crash or execute arbitrary code. The specific impact depends on how the application uses the library.

In August 2003, it was reported that there is a buffer overflow in the getgrouplist() function in 'libc/grp/initgroups.c'. According to the report, the function copies all the groups returned by "internal_getgrouplist", even if the returned number of groups is greater than the "ngroups" parameter. If an administrator has placed a user in a number of groups that is larger than that expected by an application, the vulnerability can be triggered, the report said.

According to a Red Hat bug report by Matt Seitz, this flaw can cause segfaults in Samba 3.0. Other applications may be affected in a different manner, depending on how the application uses the getgrouplist() function.

Impact:   A remote or local user may be able to cause an application that uses the affected function to crash or execute arbitrary code. The specific impact depends on how the application uses the library.
Solution:   Turbolinux has issued a fix.

<Turbolinux 8 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/glibc-2.2.5-17.src.rpm
15681872 c5f6718068cad57d328e9cbb99cfc5c2

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-2.2.5-17.i586.rpm
10948308 e978c66d70ed23c1d37f3cf58fa1d7dd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm
3087284 027379201c146b8652691fa5fb407fb8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm
793319 2b825226d3e4628c4fc5a13d028dc42f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm
26289 3b7e3b3ee9fdad443214abc22ff011a3
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nscd-2.2.5-17.i586.rpm
33180 2811c092ec2fed1a278f29d6f5393122

<Turbolinux 8 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/glibc-2.2.5-17.src.rpm
15681872 0ae07774f7aed8ddceda091ad1aa59eb

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-2.2.5-17.i586.rpm
10943475 e3ae6e493dae31c06d04de1e5ef24a5b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm
3088889 7bdde2a4805a408ec20b5b6c983c20b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm
793449 8eb226d87491ab3d2b22e50a978900be
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm
26291 d9d5ee64fff9b612203b7b6629d95022
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/nscd-2.2.5-17.i586.rpm
33125 5f91d450345639e2f4629005305d401d

<Turbolinux 7 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/glibc-2.2.4-13.src.rpm
13582169 668c9eb6ddb16b219cbe155edf9a6ca1

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-2.2.4-13.i586.rpm
11310068 ebd5c4c08b7e50bafbd79b57801cccdd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm
6293426 b0b9308e04c0314f4130617e89f60017
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm
4125526 818098cc38a84b39204504e36bc79761
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm
15377 4de531b6fda1b23c28d91477eb8f4124
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/nscd-2.2.4-13.i586.rpm
31236 d5fbda6a59e9fc074a3df3ac378907b2

<Turbolinux 7 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/glibc-2.2.4-13.src.rpm
13582169 b0e8e76f424bd3bd2cd2a94dd37d0dcd

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-2.2.4-13.i586.rpm
11308991 b5f5f6887dc9a8aaa4e118c6c8ff22e6
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm
6292725 b4e5f9a07c55ff55845a2aa4dbfd5a7f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm
4125536 32c7053ca33d15f10c655b3e1262a769
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm
15385 5d042786c08b9336fe73fe4c7c69367b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/nscd-2.2.4-13.i586.rpm
31243 fae888249da3141a18336aa8a5f6da60

Vendor URL:  www.gnu.org/directory/GNU/glibc.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  8, 7; Workstation and Server

Message History:   This archive entry is a follow-up to the message listed below.
Oct 16 2003 glibc getgrouplist() Buffer Overflow May Let Remote Users Deny Service or Execute Arbitrary Code



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 06/Dec/2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 06/Dec/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) glibc -> Multiple vulnerabilities in glibc
 (2) rsync -> Heap overflow


===========================================================
* glibc -> Multiple vulnerabilities in glibc
===========================================================

 More information :
    The glibc package contains the standard C libraries used by applications.

    When a user is a member of a large number of groups,the getgrouplist function in
    glibc allows attackers to cause a denial of service (segmentation fault)
    and execute arbitrary code.

 Impact :
    This may allow attackers to cause a denial of service or execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom update glibc glibc-devel glibc-profile mtrace nscd
 ---------------------------------------------


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/glibc-2.2.5-17.src.rpm
     15681872 c5f6718068cad57d328e9cbb99cfc5c2

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-2.2.5-17.i586.rpm
     10948308 e978c66d70ed23c1d37f3cf58fa1d7dd
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm
      3087284 027379201c146b8652691fa5fb407fb8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm
       793319 2b825226d3e4628c4fc5a13d028dc42f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm
        26289 3b7e3b3ee9fdad443214abc22ff011a3
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nscd-2.2.5-17.i586.rpm
        33180 2811c092ec2fed1a278f29d6f5393122

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/glibc-2.2.5-17.src.rpm
     15681872 0ae07774f7aed8ddceda091ad1aa59eb

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-2.2.5-17.i586.rpm
     10943475 e3ae6e493dae31c06d04de1e5ef24a5b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm
      3088889 7bdde2a4805a408ec20b5b6c983c20b7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm
       793449 8eb226d87491ab3d2b22e50a978900be
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm
        26291 d9d5ee64fff9b612203b7b6629d95022
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/nscd-2.2.5-17.i586.rpm
        33125 5f91d450345639e2f4629005305d401d

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/glibc-2.2.4-13.src.rpm
     13582169 668c9eb6ddb16b219cbe155edf9a6ca1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-2.2.4-13.i586.rpm
     11310068 ebd5c4c08b7e50bafbd79b57801cccdd
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm
      6293426 b0b9308e04c0314f4130617e89f60017
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm
      4125526 818098cc38a84b39204504e36bc79761
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm
        15377 4de531b6fda1b23c28d91477eb8f4124
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/nscd-2.2.4-13.i586.rpm
        31236 d5fbda6a59e9fc074a3df3ac378907b2

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/glibc-2.2.4-13.src.rpm
     13582169 b0e8e76f424bd3bd2cd2a94dd37d0dcd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-2.2.4-13.i586.rpm
     11308991 b5f5f6887dc9a8aaa4e118c6c8ff22e6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm
      6292725 b4e5f9a07c55ff55845a2aa4dbfd5a7f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm
      4125536 32c7053ca33d15f10c655b3e1262a769
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm
        15385 5d042786c08b9336fe73fe4c7c69367b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/nscd-2.2.4-13.i586.rpm
        31243 fae888249da3141a18336aa8a5f6da60


 References :

 CVE
   [CAN-2003-0689]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689
   [CAN-2003-0859]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0859


===========================================================
* rsync -> Heap overflow
===========================================================

More information :
    rsync uses the "rsync algorithm" which provides a very fast method for
    bringing remote files into sync. It does this by sending just the
    differences in the files across the link, without requiring that both
    sets of files are present at one of the ends of the link beforehand.
    Rsync version 2.5.6 and earlier contains a heap overflow vulnerability
    that can be used to remotely run arbitrary code.

    Please note that this vulnerability only affects the use of rsync as a "rsync server". 

 Impact :
    This vulnerability may allow remote third party to gain the root privileges.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
   zabom-1.x
 # zabom update rsync
   zabom-2.x
 # zabom -u rsync
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 499768bcd5851f5dede0a9aaed9f67fd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/rsync-2.5.7-1.i586.rpm
       142068 fba3ab5d577b7eab1818c3d41e6ce13d

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 d4c79a6aba4e8a7b17d8940d6b6e1f87

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rsync-2.5.7-1.i586.rpm
       140316 10b89f1b0c3db89ee56dc9b735b4effa

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 5b521abb17456fadded17f054bd9a5b4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rsync-2.5.7-1.i586.rpm
       140308 6c9f1e54680ea18d6c885fb1bfe8d924

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 da512bcc0862905542870ede94d4518c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rsync-2.5.7-1.i586.rpm
       136728 fe9fd94d15842c3e6344811501329205

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 e7e10e4efe32ed6d0308c332b11df197

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rsync-2.5.7-1.i586.rpm
       136761 10f48e8a8ffa4fe9318f277767ad03ed

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 83ded0d90cde0b0a5e1376e468faaa42

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/rsync-2.5.7-1.i386.rpm
       136619 b8186c802c41974daf566bc01fbd9e9b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 c0bd7ffb38fff1d788ae7056915acb28

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm
       136611 f6fb180f6652671a6f2627065d2c40cd

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 80d975cc6e84edb7da14d8566e4b7fe0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm
       136599 70d6d5c3e4a227803ea48a2be5af324b

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm
       454497 081ea78c2a4f089c452fe0a5094b68fa

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm
       136607 519b6825e9f917487a8c884b5b1a9006


 References :

 rsync
   http://rsync.samba.org/

 CVE
   [CAN-2003-0962]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/0M/DK0LzjOqIJMwRAr7wAJ9uc2XNZGeh6lqS+pKIlIjmjCsLaQCePJvs
uZ4pje67NlW5ogxnIjemsmk=
=ZogU
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC