Vulnerability Name:
CVE-2003-0689 (CCN-13053)
Assigned:
2003-08-22
Published:
2003-08-22
Updated:
2008-09-10
Summary:
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
7.5 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2003-0689
Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:762
glibc
Source: CCN
Type: RHSA-2003-249
glibc security update
Source: CCN
Type: RHSA-2003-325
Updated glibc packages provide security and bug fixes
Source: CCN
Type: GLSA-200311-06
glibc: getgrouplist buffer overflow vulnerability
Source: CCN
Type: Gentoo Linux Security Announcement 200311-05
sys-libs/glibc
Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0039
glibc
Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:249
Source: REDHAT
Type: UNKNOWN
RHSA-2003:325
Source: CCN
Type: BID-8477
Glibc Getgrouplist Function Buffer Overrun Vulnerability
Source: CCN
Type: TLSA-2003-66
Multiple vulnerabilities in glibc
Source: XF
Type: UNKNOWN
glibc-getgrouplist-bo(13053)
Vulnerable Configuration:
Configuration 1
:
cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:gnu:libc:-:*:*:*:*:*:*:*
AND
cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
OR
cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
OR
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
OR
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
OR
cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
OR
cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
OR
cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*
Denotes that component is vulnerable
BACK
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
gnu
libc -
redhat
linux 7
redhat
linux 7.1
redhat
linux 7.2
conectiva
linux 8.0
redhat
linux 7.3
gentoo
linux *
redhat
linux 8.0
mandrakesoft
mandrake linux 9.0
mandrakesoft
mandrake multi network firewall 8.2
mandrakesoft
mandrake linux corporate server 2.1
mandrakesoft
mandrake linux 9.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
enterprise linux 2.1
redhat
linux 9.0
redhat
enterprise linux 2.1
conectiva
linux 9.0
trustix
secure linux 2.0
redhat
linux advanced workstation 2.1
mandrakesoft
mandrake linux 9.1
mandrakesoft
mandrake linux corporate server 2.1