Summary: | <sys-libs/glibc-2.20-r2: denial of service in getnetbyname function (CVE-2014-9402) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1175369 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 516884, 544034 | ||
Bug Blocks: | | ||
Description
Agostino Sarubbo
2014-12-17 16:51:07 UTC
fix is also in glibc-2.20-r2 now

CVE-2014-9402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402): The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.

This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster).
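The CVE text above names two preconditions: a glibc before 2.21 and the DNS backend enabled for network-name lookups in the Name Service Switch configuration. The following exposure check is an added example, not part of the bug report or of glibc; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the two preconditions named in the CVE-2014-9402 text.

# Succeeds if the "networks" database in the given nsswitch.conf lists dns.
networks_uses_dns() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*networks:/networks: /' "$1" |
    awk '
        $1 == "networks:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) inb = 1          # entering [STATUS=action]
                if (!inb && $i == "dns") found = 1
                if ($i ~ /\]$/) inb = 0
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if an upstream version such as "2.20" or "2.19-r1" is older than 2.21.
glibc_before_2_21() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 21 ]; }
}

# Args: path to nsswitch.conf, upstream glibc version string.
check_exposure() {
    if ! networks_uses_dns "$1"; then
        echo "not-exposed: networks database does not use dns"
    elif glibc_before_2_21 "$2"; then
        # Distributions backport fixes (this bug names glibc-2.20-r2), so
        # confirm against the distribution advisory before concluding.
        echo "review: dns enabled for networks, glibc $2 predates 2.21"
    else
        echo "not-exposed: glibc $2 is 2.21 or later"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
printf '%s\n' '# sample' 'hosts: files dns' \
    'networks: files [NOTFOUND=continue] dns  # lookups' > "$sample"
check_exposure "$sample" "2.20"
rm -f "$sample"
```

On a live system the arguments would be `/etc/nsswitch.conf` and the version reported by `getconf GNU_LIBC_VERSION`.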