Mandrake Linux Security Advisory : glibc (MDKSA-2003:107)

High Nessus Plugin ID 14089


The remote Mandrake Linux host is missing one or more security updates.


A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segementation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application.

The provided packages are patched to address this issue.


Update the affected packages.

Plugin Details

Severity: High

ID: 14089

File Name: mandrake_MDKSA-2003-107.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:glibc, p-cpe:/a:mandriva:linux:glibc-debug, p-cpe:/a:mandriva:linux:glibc-devel, p-cpe:/a:mandriva:linux:glibc-i18ndata, p-cpe:/a:mandriva:linux:glibc-profile, p-cpe:/a:mandriva:linux:glibc-static-devel, p-cpe:/a:mandriva:linux:glibc-utils, p-cpe:/a:mandriva:linux:ldconfig, p-cpe:/a:mandriva:linux:nscd, p-cpe:/a:mandriva:linux:timezone, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/11/18

Reference Information

CVE: CVE-2003-0689

MDKSA: 2003:107