CVE-2024-33601: NSCD Netgroup Cache Memory Allocation Failure leading to Denial of Service

A vulnerability has been discovered in the Name Service Cache Daemon (NSCD) that may cause the daemon to terminate on memory allocation failure. This can lead to a denial of service for the clients. The vulnerability was first introduced in glibc 2.15 when the cache was added to the NSCD.

Affected Components

This vulnerability is only present in the NSCD binary.

Vulnerability Details

The NSCD's netgroup cache uses the xmalloc and xrealloc functions. These functions terminate the process when a memory allocation fails, which can result in a denial of service to the clients. The flawed code snippet is as follows:

// ...within some function
void *tmp = xrealloc(ptr, size);
// ...

This vulnerability happens because xrealloc and xmalloc are designed to terminate the program (abort) when they fail to allocate memory. A potential fix would be replacing xmalloc and xrealloc with their equivalent standard malloc and realloc functions, and checking the return value for possible failures:

// ...within some function
void *tmp = realloc(ptr, size);

if (tmp == NULL) {
    // Handle memory allocation failure properly
    // Instead of prematurely terminating the daemon
}
// ...
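
The same pattern carried through a growing reply buffer, as an added example (not glibc's code and not part of the original advisory). The names ngbuf, ngbuf_add, build_reply and the try_realloc failure hook are hypothetical, and the sample triples are constructed:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed test hook: -1 never fails, N fails the (N+1)-th allocation. */
static int fail_after = -1;
static void *try_realloc(void *p, size_t n) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return realloc(p, n);
}

struct ngbuf { char *data; size_t used, cap; };
/* Append one netgroup triple as three NUL-terminated strings.
   Returns 0, or -1 on allocation failure with the buffer left intact. */
static int ngbuf_add(struct ngbuf *b, const char *const t[3]) {
    size_t need = strlen(t[0]) + strlen(t[1]) + strlen(t[2]) + 3;
    if (need > SIZE_MAX - b->used) return -1;
    if (b->used + need > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        for (; ncap < b->used + need; ncap *= 2)
            if (ncap > SIZE_MAX / 2) return -1;   /* doubling would overflow */
        char *tmp = try_realloc(b->data, ncap);
        if (tmp == NULL) return -1;               /* b->data is still valid */
        b->data = tmp; b->cap = ncap;
    }
    for (int i = 0; i < 3; i++) {
        size_t len = strlen(t[i]) + 1;
        memcpy(b->data + b->used, t[i], len);
        b->used += len;
    }
    return 0;
}

/* Build a reply from constructed sample triples. Returns the triple count,
   or -1 so the caller can report a failed lookup and keep serving. */
int build_reply(int inject) {
    static const char *const sample[3][3] = {
        {"host1", "alice", "example.test"}, {"host2", "bob", "example.test"},
        {"host3", "carol", "example.test"} };
    struct ngbuf b = {0};
    int n = 0;
    fail_after = inject;
    while (n < 3 && ngbuf_add(&b, sample[n]) == 0) n++;
    free(b.data); fail_after = -1;   /* release partial result, reset hook */
    return n == 3 ? 3 : -1;
}

int main(void) { printf("ok=%d oom=%d\n", build_reply(-1), build_reply(1)); return 0; }
```

An allocation failure in the middle of building the reply costs only that one request: the partial buffer is freed and the process keeps running.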

Impact

Under specific conditions, when a memory allocation failure occurs, the NSCD process can be terminated. This will disrupt any ongoing connections to the daemon, and may lead to downtime for the clients and services that depend on the NSCD for resolving user and group information.

Exploitation

Currently, there is no publicly known exploit for this vulnerability. However, considering the simplicity of the vulnerable code, it is recommended to patch the vulnerable systems as soon as possible.

Mitigation

A possible mitigation is to replace the original xmalloc and xrealloc functions with their standard counterparts, malloc and realloc, as demonstrated in the example code above. With this change, NSCD handles memory allocation failures more gracefully, preventing the termination of the process and the resulting denial of service.

Original References

1. "NSCD: netgroup cache may terminate daemon on memory allocation failure." GNU C Library (glibc). https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2024-33601
2. "glibc-2.15 release notes." GNU C Library. https://sourceware.org/glibc/wiki/Release/2.15

Conclusion

This vulnerability (CVE-2024-33601), affecting the NSCD netgroup cache, can lead to service disruption for clients when memory allocation failures occur. The issue was introduced in glibc 2.15 and is present only in the NSCD binary. Although there is no known public exploit, it is highly recommended to patch the affected systems to prevent potential denial of service attacks.

Timeline

Published on: 05/06/2024 20:15:11 UTC
Last modified on: 08/02/2024 02:36:04 UTC