Vulnerability Details
Glibc getgrouplist Function Local Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200310-034
- Severity: High
- CVE ID: CVE-2003-0689
- Vulnerability type: Boundary condition error
- Published: 2003-08-23
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: redhat
- Source: Red Hat Security A...
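Vulnerability Summary
glibc is the C library implementation used by the vast majority of Linux operating systems. The getgrouplist function in glibc does not sufficiently check the group list, so a local attacker can exploit this vulnerability to cause a buffer overflow; carefully crafted input may allow arbitrary commands to be executed on the system with root privileges. If a user is a member of more groups than the size specified for the group list, a buffer overflow can be triggered, causing the user application to hit a segmentation fault; depending on the application, this can lead to different security problems. The vulnerability only has an effect when an administrator adds a user to more groups than the application expects. No detailed information about the vulnerability is currently available.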
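Added example (not from this advisory, Red Hat, or glibc): the caller-side size contract of getgrouplist, where the application passes a capacity and must treat a -1 return as a truncated list and retry with the reported size. The flaw itself was inside glibc and is addressed by the vendor packages; the helper names `load_groups` and `has_gid` and the sample user `root` are assumptions for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes getgrouplist() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: returns a malloc'ed list of every group `user`
 * belongs to (including `primary`) and stores the count in *count.
 * Returns NULL on allocation failure or if the size never settles. */
gid_t *load_groups(const char *user, gid_t primary, int *count)
{
    int cap = 1;                /* deliberately tiny to exercise the retry path */
    gid_t *groups = NULL;

    for (int attempt = 0; attempt < 8; attempt++) {
        gid_t *tmp = realloc(groups, (size_t)cap * sizeof(gid_t));
        if (tmp == NULL) { free(groups); return NULL; }
        groups = tmp;

        int n = cap;            /* in: capacity, out: number of groups found */
        if (getgrouplist(user, primary, groups, &n) != -1) {
            *count = n;         /* everything fit inside `cap` entries */
            return groups;
        }
        /* -1: the list was truncated. Never use the buffer as if complete;
         * grow to the reported size (or double if it did not increase). */
        cap = (n > cap) ? n : cap * 2;
    }
    free(groups);
    return NULL;
}

/* Returns 1 if `gid` appears in the first `count` entries, else 0. */
int has_gid(const gid_t *groups, int count, gid_t gid)
{
    for (int i = 0; i < count; i++)
        if (groups[i] == gid) return 1;
    return 0;
}

int main(void)
{
    int n = 0;
    gid_t *g = load_groups("root", 0, &n);   /* constructed sample input */
    if (g == NULL) return 1;
    printf("root is in %d group(s)\n", n);
    free(g);
    return 0;
}
```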
Vulnerability Advisory
Vendor patch:
RedHat
------
RedHat has released a security advisory (RHSA-2003:249-11) and corresponding patches for this issue:
RHSA-2003:249-11: Updated glibc packages fix various issues
Link: https://www.redhat.com/support/errata/RHSA-2003-249.HTML
Patch downloads:
The updated packages can be obtained from:
http://rhn.redhat.com/
References
Source: REDHAT Name: RHSA-2003:249 Link: http://www.redhat.com/support/errata/RHSA-2003-249.HTML
Source: REDHAT Name: RHSA-2003:325 Link: http://www.redhat.com/support/errata/RHSA-2003-325.HTML
Affected Entities
- Redhat Enterprise_linux:2.1:Workstation_ia64
- Redhat Enterprise_linux:2.1:Workstation
- Redhat Enterprise_linux:2.1:Enterprise_server
- Redhat Enterprise_linux:2.1:Enterprise_server_ia64
- Redhat Enterprise_linux:2.1:Advanced_server_ia64
Patches
None available