Glibc vulnerability / update

elaine elaine at
Mon Oct 20 16:37:52 GMT 2003

A buffer overflow error has been reported in glibc getgrouplist()

This causes a known remote denial of service vulnerablity in samba 3.0
and could be vulnerable to remote exploits.

This update is not (at this time) forced. If you run remotely accessible
services which may use getgrouplist() updating moonbase and re-installing 
glibc is probably a good idea.

from: :

"According to a Red Hat bug report by Matt Seitz, this flaw can cause segfaults 
in Samba 3.0. Other applications may be affected in a different manner, 
depending on how the application uses the getgrouplist() function."


More information about the lunar mailing list