CVE-2014-8121
Published: 27 March 2015
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
From the Ubuntu Security Team
Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop).
Priority
Status
| Package | Release | Status |
|---|---|---|
| eglibc | lucid | Ignored (end of life, was needed) |
| eglibc | precise | Released (2.15-0ubuntu10.14) |
| eglibc | trusty | Released (2.19-0ubuntu6.8) |
| eglibc | upstream | Needs triage |
| eglibc | utopic | Does not exist |
| eglibc | vivid | Does not exist |
| eglibc | wily | Does not exist |
| eglibc | xenial | Does not exist |
| eglibc | yakkety | Does not exist |
| eglibc | zesty | Does not exist |
| glibc | lucid | Does not exist |
| glibc | precise | Does not exist |
| glibc | trusty | Does not exist |
| glibc | upstream | Needs triage |
| glibc | utopic | Ignored (end of life) |
| glibc | wily | Released (2.21-0ubuntu4.2) |
| glibc | xenial | Not vulnerable (2.23-0ubuntu1) |
| glibc | yakkety | Not vulnerable (2.23-0ubuntu1) |
| glibc | zesty | Not vulnerable (2.23-0ubuntu1) |
| glibc | vivid | Ignored (end of life) |

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03d2730b44cc2236318fd978afa2651753666c55
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13b96ca05a132a12dc5f3712b99e626670716bf