CVE-2014-9402
Published: 24 February 2015
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Notes
Author | Note |
---|---|
mdeslaur | fixed by any/cvs-getnetbyname.diff in vivid |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Released
(2.11.1-0ubuntu7.21)
|
|
precise |
Released
(2.15-0ubuntu10.11)
|
|
trusty |
Released
(2.19-0ubuntu6.6)
|
|
utopic |
Does not exist
|
|
glibc Launchpad, Ubuntu, Debian |
upstream |
Released
(2.21)
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
utopic |
Released
(2.19-10ubuntu2.3)
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f80af76648ed97a76745fad6caa3315a79cb1c7c |