Your submission was sent successfully! Close

CVE-2015-5277

Published: 17 December 2015

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

From the Ubuntu security team

Sumit Bose and Lukáš Slebodník discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.

Priority

Medium

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty
Released (2.19-0ubuntu6.8)
upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

glibc
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (2.20)
vivid Not vulnerable
(2.21-0ubuntu4)
wily Not vulnerable

xenial Not vulnerable