CVE-2014-9402
Published: 24 February 2015
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Notes
| Author | Note |
|---|---|
| mdeslaur | fixed by any/cvs-getnetbyname.diff in vivid |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| lucid |
Released
(2.11.1-0ubuntu7.21)
|
|
| precise |
Released
(2.15-0ubuntu10.11)
|
|
| trusty |
Released
(2.19-0ubuntu6.6)
|
|
| utopic |
Does not exist
|
|
|
glibc Launchpad, Ubuntu, Debian |
upstream |
Released
(2.21)
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| utopic |
Released
(2.19-10ubuntu2.3)
|
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f80af76648ed97a76745fad6caa3315a79cb1c7c |
||