Your submission was sent successfully! Close

CVE-2014-8121

Published: 27 March 2015

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

From the Ubuntu security team

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop).

Priority

Low

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
lucid Needed

precise
Released (2.15-0ubuntu10.14)
trusty
Released (2.19-0ubuntu6.8)
upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

glibc
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily
Released (2.21-0ubuntu4.2)
xenial Not vulnerable
(2.23-0ubuntu1)
yakkety Not vulnerable
(2.23-0ubuntu1)
zesty Not vulnerable
(2.23-0ubuntu1)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03d2730b44cc2236318fd978afa2651753666c55
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13b96ca05a132a12dc5f3712b99e626670716bf