Re: The GNU C Library security advisories update for 2024-05-06

[Jiazi Yu <yujiazi@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 2681 bytes --]

unsubscribe

Carlos O'Donell via Libc-announce <libc-announce@sourceware.org>
于2024年5月7日周二 03:33写道：

> The following security advisories have been published:
>
> GLIBC-SA-2024-0005:
> ===================
> nscd: Stack-based buffer overflow in netgroup cache
>
> If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
> by client requests then a subsequent client request for netgroup data
> may result in a stack-based buffer overflow.  This flaw was introduced
> in glibc 2.15 when the cache was added to nscd.
>
> This vulnerability is only present in the nscd binary.
>
> GLIBC-SA-2024-0006:
> ===================
> nscd: Null pointer crash after notfound response
>
> If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
> netgroup response to the cache, the client request can result in a null
> pointer dereference.  This flaw was introduced in glibc 2.15 when the
> cache was added to nscd.
>
> This vulnerability is only present in the nscd binary.
>
> GLIBC-SA-2024-0007:
> ===================
> nscd: netgroup cache may terminate daemon on memory allocation failure
>
> The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
> xrealloc and these functions may terminate the process due to a memory
> allocation failure resulting in a denial of service to the clients.  The
> flaw was introduced in glibc 2.15 when the cache was added to nscd.
>
> This vulnerability is only present in the nscd binary.
>
> Subsequent refactoring of the netgroup cache only added more uses of
> xmalloc and xrealloc. Uses of xmalloc and xrealloc in other parts of
> nscd only occur during startup of the daemon and so are not affected by
> client requests that could trigger an out of memory followed by
> termination.
>
> GLIBC-SA-2024-0008:
> ===================
> nscd: netgroup cache assumes NSS callback uses in-buffer strings
>
> The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
> when the NSS callback does not store all strings in the provided buffer.
> The flaw was introduced in glibc 2.15 when the cache was added to nscd.
>
> This vulnerability is only present in the nscd binary.
>
> There is no guarantee from the NSS callback API that the returned
> strings are all within the buffer. However, the netgroup cache code
> assumes that the NSS callback uses in-buffer strings and if it doesn't
> the buffer resizing logic could lead to potential memory corruption.
>
> Published advisories are available directly in the project git repository:
> https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
>
>