Your submission was sent successfully! Close


Published: 27 March 2015

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

From the Ubuntu security team

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop).




Package Release Status
Launchpad, Ubuntu, Debian
lucid Needed

Released (2.15-0ubuntu10.14)
Released (2.19-0ubuntu6.8)
upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
Released (2.21-0ubuntu4.2)
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable