Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2014-9402

Published: 24/02/2015 Updated: 13/02/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Glibc

Vulnerability Summary

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) prior to 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote malicious users to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 10.04

opensuse opensuse 13.1

opensuse opensuse 13.2

Vendor Advisories

Red Hat: Moderate: glibc security, bug fix, and enhancement update
Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Ubuntu Security Notice: eglibc, glibc vulnerabilities
Several security issues were fixed in the GNU C Library ...
Debian Security Advisories: DSA-3169-1 eglibc -- security update
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library: CVE-2012-3406 The vfprintf function in stdio-common/vfprintfc in GNU C Library (aka glibc) 25, 212, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context- ...
Debian CVElist Bug Report Logs: glibc: CVE-2015-1472 CVE-2015-1473
Debian Bug report logs - #777197 glibc: CVE-2015-1472 CVE-2015-1473 Package: glibc; Maintainer for glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 6 Feb 2015 07:51:02 UTC Severity: grave Tags: security Fixed in versions glibc/219-15, eglibc ...
Debian CVElist Bug Report Logs: glibc: CVE-2014-7817 CVE-2014-9402
Debian Bug report logs - #775572 glibc: CVE-2014-7817 CVE-2014-9402 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 17 Jan 2015 14:42:02 UTC Severity: important Tags: security Found in version glibc/219 ...
Debian CVElist Bug Report Logs: CVE-2012-3406: glibc formatted printing vulnerabilities
Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...
Amazon Linux AMI: ALAS-2018-1017
Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 226, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation(CVE-2017-12132) Buffer overflow in glob with GLOB_TI ...

Exploits

Exploit DB: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...
Exploit DB: Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Mailing Lists

Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...
Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

References

CWE-399http://www.openwall.com/lists/oss-security/2014/12/18/1http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.htmlhttps://sourceware.org/bugzilla/show_bug.cgi?id=17630http://www.ubuntu.com/usn/USN-2519-1http://www.securityfocus.com/bid/71670https://security.gentoo.org/glsa/201602-02http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttps://access.redhat.com/errata/RHSA-2018:0805http://seclists.org/fulldisclosure/2019/Jun/18https://seclists.org/bugtraq/2019/Jun/14http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlhttp://seclists.org/fulldisclosure/2019/Sep/7https://seclists.org/bugtraq/2019/Sep/7http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlhttps://access.redhat.com/errata/RHSA-2018:0805https://usn.ubuntu.com/2519-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook