Follow @discotekdotca
CVE-2014-8121
Current Description
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
Basic Data
| Published | March 27, 2015 |
|---|---|
| Last Modified | October 17, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-17 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | NONE |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 5.0 |
| Severity | MEDIUM |
| Exploitability Score | 10.0 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Suse Suse Linux Enterprise Desktop 11 sp3 * * * * * * � � � � 2.3 OS Suse Suse Linux Enterprise Desktop 11 sp4 * * * * * * � � � � 2.3 OS Suse Suse Linux Enterprise Server 11.0 sp3 * * * * * * � � � � 2.3 OS Suse Suse Linux Enterprise Server 11.0 sp3 * * * vmware * * � � � � 2.3 OS Suse Suse Linux Enterprise Server 11.0 sp4 * * * * * * � � � � -
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Gnu Glibc * * * * * * * * � 2.21 � � -
OR - Configuration 3
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Canonical Ubuntu Linux 12.04 * * * lts * * * � � � � 2.3 OS Canonical Ubuntu Linux 14.04 * * * lts * * * � � � � 2.3 OS Canonical Ubuntu Linux 15.10 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04, 14.04, 15.10 |
| Gnu | Glibc | * |
| Suse | Suse Linux Enterprise Desktop | 11 |
| Suse | Suse Linux Enterprise Server | 11.0 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| SUSE-SU-2015:1424 | http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html | SUSE | Mailing List |
| SUSE-SU-2016:0470 | http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html | SUSE | Mailing List |
| RHSA-2015:0327 | http://rhn.redhat.com/errata/RHSA-2015-0327.html | REDHAT | Third Party Advisory |
| DSA-3480 | http://www.debian.org/security/2016/dsa-3480 | DEBIAN | Third Party Advisory |
| 73038 | http://www.securityfocus.com/bid/73038 | BID | Third Party Advisory VDB Entry |
| USN-2985-1 | http://www.ubuntu.com/usn/USN-2985-1 | UBUNTU | Third Party Advisory |
| USN-2985-2 | http://www.ubuntu.com/usn/USN-2985-2 | UBUNTU | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1165192 | https://bugzilla.redhat.com/show_bug.cgi?id=1165192 | CONFIRM | Exploit Issue Tracking |
| GLSA-201602-02 | https://security.gentoo.org/glsa/201602-02 | GENTOO | Third Party Advisory |
| [libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007] | https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html | MLIST | Exploit |