PT-2003-1082 · Gnu+1 · Glibc+7

Published: 2003-09-03 · Updated: 2008-09-10 · CVE-2003-0689

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc versions 2.2.4 through 2.2.5
glibc version 2.3.2
glibc-common versions 2.2.4 through 2.2.5
glibc-common version 2.3.2
glibc-debug versions 2.2.5 through 2.3.2
glibc-debug-static versions 2.2.5 through 2.3.2
glibc-devel versions 2.2.4 through 2.3.2
glibc-profile versions 2.2.4 through 2.3.2
glibc-utils versions 2.2.5 through 2.3.2

Description

The getgrouplist function in GNU libc, as shipped in the glibc package in Red Hat Linux, is vulnerable to a buffer overflow that can occur when a user is a member of a large number of groups. This allows attackers to cause a denial of service and execute arbitrary code. Exploitation of the vulnerability can compromise the confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For each of the following packages and versions, update to a version that fixes the getgrouplist function issue:

glibc versions 2.2.4 through 2.2.5
glibc version 2.3.2
glibc-common versions 2.2.4 through 2.2.5
glibc-common version 2.3.2
glibc-debug versions 2.2.5 through 2.3.2
glibc-debug-static versions 2.2.5 through 2.3.2
glibc-devel versions 2.2.4 through 2.3.2
glibc-profile versions 2.2.4 through 2.3.2
glibc-utils versions 2.2.5 through 2.3.2

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-07994
BDU:2015-07995
BDU:2015-07996
BDU:2015-07997
BDU:2015-07998
BDU:2015-07999
BDU:2015-08000
BDU:2015-08001
BDU:2015-08002
BDU:2015-08003
BDU:2015-08005
BDU:2015-08006
BDU:2015-08007
BDU:2015-08009
BDU:2015-08010
BDU:2015-08011
BDU:2015-08012
BDU:2015-08013
CVE-2003-0689

Affected Products

Red Hat
Glibc
Glibc-Common
Glibc-Debug
Glibc-Debug-Static
Glibc-Devel
Glibc-Profile
Glibc-Utils