Detections
Analytics
Mandrake Linux Security Advisory : glibc (MDKSA-2003:107)
high Nessus Plugin ID 14089
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segementation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application.The provided packages are patched to address this issue.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 14089
File Name: mandrake_MDKSA-2003-107.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:glibc, p-cpe:/a:mandriva:linux:glibc-debug, p-cpe:/a:mandriva:linux:glibc-devel, p-cpe:/a:mandriva:linux:glibc-i18ndata, p-cpe:/a:mandriva:linux:glibc-profile, p-cpe:/a:mandriva:linux:glibc-static-devel, p-cpe:/a:mandriva:linux:glibc-utils, p-cpe:/a:mandriva:linux:ldconfig, p-cpe:/a:mandriva:linux:nscd, p-cpe:/a:mandriva:linux:timezone, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 11/18/2003
Reference Information
CVE: CVE-2003-0689
MDKSA: 2003:107