The CERT/CC has received a public report of a local buffer overflow vulnerability in the grpck utility.
The grpck utility performs syntax checking of /etc/group and /etc/gshadow group information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. By sending a command line argument string of approximately 3000 characters, it is possible to cause this utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges.
This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected.
This vulnerability may allow a local user to execute arbitrary code with superuser privileges.
The CERT/CC is currently unaware of a practical solution to this problem.
Clear the setuid bit of affected binaries
Caldera Not Affected
Conectiva Not Affected
FreeBSD Not Affected
Fujitsu Not Affected
Hewlett Packard Not Affected
IBM Not Affected
NetBSD Not Affected
Openwall Not Affected
Red Hat Inc. Not Affected
SGI Not Affected
Sun Microsystems Inc. Not Affected
Apple Computer Inc. Unknown
Compaq Computer Corporation Unknown
Data General Unknown
NEC Corporation Unknown
Sony Corporation Unknown
This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by firstname.lastname@example.org.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2002-01-04|
|Date Last Updated:||2002-07-05 21:19 UTC|