Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9402

Опубликовано: 20 нояб. 2014
Источник: redhat
CVSS2: 1.2

Описание

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Отчет

A non-standard system configuration ("networks: file dns" in /etc/nsswitch.conf) and possibly a DNS spoofing attack is required to exploit this flaw. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5glibcWill not fix
Red Hat Enterprise Linux 6glibcWill not fix
Red Hat Enterprise Linux 7glibcFixedRHSA-2018:080510.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1175369glibc: denial of service in getnetbyname function

1.2 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9402

ubuntu
больше 10 лет назад

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

nvd логотип

CVE-2014-9402

nvd
больше 10 лет назад

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

debian логотип

CVE-2014-9402

debian
больше 10 лет назад

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc ...

github логотип

GHSA-9rf5-3j57-32x7

github
больше 3 лет назад

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

suse-cvrf логотип

SUSE-SU-2015:0526-1

suse-cvrf
больше 10 лет назад

Security update for glibc

1.2 Low

CVSS2