exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2014-8121

Status Candidate

Overview

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Related Files

Ubuntu Security Notice USN-2985-2
Posted May 26, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2985-2 - USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8121, CVE-2014-9761, CVE-2015-1781, CVE-2015-5277, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-3075
SHA-256 | 2a6f679b626f83a064fc3dc159f612a216d5445b2d132256da0fb78b6542247d
Gentoo Linux Security Advisory 201602-02
Posted Feb 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7423, CVE-2014-0475, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-8121, CVE-2014-9402, CVE-2015-1472, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
SHA-256 | 7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4
Debian Security Advisory 3480-1
Posted Feb 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3480-1 - Several vulnerabilities have been fixed in the GNU C Library, eglibc.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-8121, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779
SHA-256 | f21bc37873b6d3f878293b24b50bceadf6e2f468ced587d39dcdaea3989a7fc3
Ubuntu Security Notice USN-2985-1
Posted May 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2985-1 - Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2013-2207, CVE-2014-8121, CVE-2014-9761, CVE-2015-1781, CVE-2015-5277, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-2856, CVE-2016-3075
SHA-256 | 493c76ea8ce318894b316a5a208fb8df41462f866dbab930ef81d92361f8208c
Red Hat Security Advisory 2015-0327-02
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0327-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the files back end of Name Service Switch did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.

tags | advisory, denial of service
systems | linux, redhat, osx
advisories | CVE-2014-6040, CVE-2014-8121
SHA-256 | 4a16c6ab2c6c11d8d47f0d52c425c5e09912802eec21306db67227f5c23219c6
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close