CVE-2014-8121

Published: 27 March 2015

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

From the Ubuntu Security Team

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop).

Priority: Low

Status

Package: eglibc
lucid: Ignored (end of life, was needed)
precise: Released (2.15-0ubuntu10.14)
trusty: Released (2.19-0ubuntu6.8)
upstream: Needs triage
utopic: Does not exist
vivid: Does not exist
wily: Does not exist
xenial: Does not exist
yakkety: Does not exist
zesty: Does not exist

Package: glibc
lucid: Does not exist
precise: Does not exist
trusty: Does not exist
upstream: Needs triage
utopic: Ignored (end of life)
wily: Released (2.21-0ubuntu4.2)
xenial: Not vulnerable (2.23-0ubuntu1)
yakkety: Not vulnerable (2.23-0ubuntu1)
zesty: Not vulnerable (2.23-0ubuntu1)
vivid: Ignored (end of life)

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03d2730b44cc2236318fd978afa2651753666c55
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13b96ca05a132a12dc5f3712b99e626670716bf