Denial of Service Vulnerability in GNU C Library Affecting Various Linux Distributions
CVE-2014-8121

Currently unrated

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 27 March 2015

Summary

The Name Service Switch (NSS) functionality in the GNU C Library, specifically in the nss_files component, fails to enforce proper checks on file states. This design flaw can be exploited by remote attackers, allowing them to induce a denial of service by causing an infinite loop during database lookup operations. By manipulating file pointers while iterating through database entries, attackers can disrupt service availability, leading to potential outages or performance degradation.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=1165192

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Mar 27, 2015
Vulnerability Reserved
Oct 10, 2014