Published: 27/03/2015 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Suse Linux Enterprise Server

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and previous versions does not properly check if a file is open, which allows remote malicious users to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suse suse linux enterprise server 11.0
suse suse linux enterprise desktop 11
gnu glibc
canonical ubuntu linux 12.04
canonical ubuntu linux 15.10
canonical ubuntu linux 14.04

Several security issues were fixed in the GNU C Library ...

USN-2985-1 introduced a regression in the GNU C Library ...

Debian Bug report logs - #803927 glibc: multiple overflows in strxfrm() Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Tue, 3 Nov 2015 10:00:02 UTC Severity: serious Tags: fixed-upstream, security Found in ...

Debian Bug report logs - #798316 libc6: Pointer guarding bypass in dynamic Setuid binaries Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Hideki Yamane <henrich@debianorjp> Date: Tue, 8 Sep 2015 01:24:02 ...

Debian Bug report logs - #799966 glibc: CVE-2015-5277: data corruption while reading the NSS files database Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 24 Sep 2015 18:54:02 UTC Severity: important Tag ...

Debian Bug report logs - #779587 glibc: Three vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 2 Mar 2015 18:42:02 UTC Severity: important Tags: patch, security Merged with 808819 Found i ...

An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8 An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application (CVE-2014-6040) It was found that the files back end of Name Service Switch (NSS) did not ...

CWE-17 https://bugzilla.redhat.com/show_bug.cgi?id=1165192 http://rhn.redhat.com/errata/RHSA-2015-0327.html https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.ubuntu.com/usn/USN-2985-2 http://www.ubuntu.com/usn/USN-2985-1 https://security.gentoo.org/glsa/201602-02 http://www.securityfocus.com/bid/73038 http://www.debian.org/security/2016/dsa-3480 https://nvd.nist.gov https://usn.ubuntu.com/2985-1/

CVE-2014-8121

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect