A stack-based buffer overflow vulnerability has been identified in the Name Service Cache Daemon (nscd) that occurs when the netgroup cache gets exhausted by client requests. Specifically, this flaw was introduced in version 2.15 of the GNU C Library (glibc) when the cache was added to nscd. It is important to note that this vulnerability is found exclusively within the nscd binary.

Exploit Details

In nscd, a fixed-size cache stores the netgroup data received from client requests. When this cache reaches its capacity and a subsequent client request for netgroup data is made, a buffer overflow may occur. A stack-based buffer overflow of this kind may be exploited to execute arbitrary code, which could lead to a server compromise. The presence of this vulnerability poses a significant threat to the security of the affected systems.

Code Snippet

Below is an illustrative example of the vulnerable code pattern that leads to this stack-based buffer overflow in nscd's netgroup cache (the elided parts and the buffer size are placeholders):

// nscd code snippet (illustrative; elided parts and the buffer size are placeholders)
...
  struct {
    request_header request;   // header sent by the client, including the request type
    char buf[xxx];            // fixed-size buffer holding the request data that follows the header
  } *req;
...
  if (req->request.type == NSCD_NETGROUP_TYPE) {
    // call the function which processes netgroup data; buf is passed on without a length check
    process_netgroup_request((const char *)req->buf, NULL);
  }
...

In the above code snippet, the request data that follows the header is stored in a fixed-size buffer called buf. When a client sends an overly large request, it overfills buf, causing the stack-based buffer overflow.
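The following is an added illustration, not glibc or nscd code, of the defensive pattern the snippet lacks: a request handler that checks the client-declared length against the fixed stack buffer before copying, and that keeps behaving the same way once the fixed-capacity cache is exhausted. The request layout, the cache size (CACHE_SLOTS), the buffer size (KEY_BUF_SIZE), the status codes and the sample netgroup names are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define CACHE_SLOTS 2      /* constructed: tiny capacity so exhaustion is easy to reach */
#define KEY_BUF_SIZE 32    /* constructed: stands in for the page's char buf[xxx] */

/* Hypothetical request layout, modelled loosely on the page's snippet. */
struct request_header { uint32_t type; uint32_t key_len; };
enum { NETGROUP_TYPE = 1 };

/* A fixed-size cache of netgroup keys, as the page describes. */
struct netgroup_cache {
    char entries[CACHE_SLOTS][KEY_BUF_SIZE];
    size_t used;
};

enum status {
    REQ_OK = 0,                /* key copied into the cache */
    REQ_SERVED_UNCACHED = 1,   /* cache full; answered from the local buffer only */
    REQ_REJECTED_TOO_LONG = 2, /* declared length does not fit the fixed buffer */
    REQ_WRONG_TYPE = 3
};

/* Hardened handler: every copy into the fixed stack buffer is preceded by a bounds
 * check against the client-supplied length, which must not be trusted. */
enum status handle_netgroup_request(struct netgroup_cache *c,
                                    const struct request_header *hdr,
                                    const char *payload)
{
    char buf[KEY_BUF_SIZE];   /* the fixed-size stack buffer */

    if (hdr->type != NETGROUP_TYPE)
        return REQ_WRONG_TYPE;
    /* The check an unchecked copy lacks: declared length plus NUL must fit. */
    if (hdr->key_len >= sizeof buf)
        return REQ_REJECTED_TOO_LONG;

    memcpy(buf, payload, hdr->key_len);
    buf[hdr->key_len] = '\0';

    if (c->used < CACHE_SLOTS) {
        memcpy(c->entries[c->used], buf, hdr->key_len + 1);
        c->used++;
        return REQ_OK;
    }
    /* Cache exhausted: the same bounds check already applied, so a full cache
     * never changes how many bytes are written to buf. */
    return REQ_SERVED_UNCACHED;
}

/* Convenience wrapper that builds a request from a NUL-terminated key. */
enum status submit_key(struct netgroup_cache *c, const char *key)
{
    struct request_header hdr = { NETGROUP_TYPE, (uint32_t)strlen(key) };
    return handle_netgroup_request(c, &hdr, key);
}

/* Drives the scenario the page describes: fill the cache, then keep sending
 * requests, including one whose declared length exceeds the buffer. Returns 0
 * when every request was handled with the expected status. */
int run_scenario(void)
{
    struct netgroup_cache cache;
    memset(&cache, 0, sizeof cache);
    enum status s1 = submit_key(&cache, "admins");
    enum status s2 = submit_key(&cache, "backup-hosts");
    enum status s3 = submit_key(&cache, "web-frontends");  /* cache is now exhausted */
    /* constructed oversized key: 40 bytes, longer than KEY_BUF_SIZE */
    enum status s4 = submit_key(&cache, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return (s1 == REQ_OK && s2 == REQ_OK && s3 == REQ_SERVED_UNCACHED
            && s4 == REQ_REJECTED_TOO_LONG) ? 0 : 1;
}

int main(void)
{
    int rc = run_scenario();
    printf("%s\n", rc == 0 ? "all requests bounded" : "unexpected status");
    return rc;
}
```

The point of the scenario is that the exhausted-cache path and the normal path share one length check placed before the copy; the fixed buffer is never written based on a value the client controls.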

Original References

For more information on the glibc 2.15 release and this vulnerability, check the following references:

- Glibc 2.15 Release Notes (where the cache was added to nscd): https://sourceware.org/pipermail/libc-alpha/202-August/117134.html
- Glibc Mailing List Discussions (where this vulnerability was discussed): https://sourceware.org/pipermail/libc-alpha/2024-February/thread.html

Mitigations

Users are encouraged to update their systems to the latest glibc version which addresses this vulnerability (e.g., glibc 2.32 or later).

Furthermore, system administrators can reduce the chance of the cache being exhausted by monitoring cache usage and adjusting the cache sizes in the configuration file (/etc/nscd.conf). This lowers the likelihood of cache exhaustion and thus reduces exposure to the vulnerability until the update is applied.

Conclusion

CVE-2024-33599 is a critical stack-based buffer overflow vulnerability found within nscd's netgroup cache. This flaw was introduced in the glibc 2.15 version and affects the nscd binary exclusively. Users are encouraged to update to the latest glibc version and implement appropriate mitigations to safeguard their systems from potential exploits.

Timeline

Published on: 05/06/2024 20:15:11 UTC
Last modified on: 07/22/2024 18:15:03 UTC