Vulnerability Details : CVE-2014-8121
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
Vulnerability category: Denial of service
Products affected by CVE-2014-8121
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8121
- EPSS score: 1.91% (probability of exploitation activity in the next 30 days)
- Percentile: ~89% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-8121
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-8121
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8121
- https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html
  Florian Weimer - [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007] (Exploit)
- http://www.debian.org/security/2016/dsa-3480
  Debian -- Security Information -- DSA-3480-1 eglibc (Third Party Advisory)
- https://security.gentoo.org/glsa/201602-02
  GNU C Library: Multiple vulnerabilities (GLSA 201602-02) — Gentoo security (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0327.html
  RHSA-2015:0327 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2985-1
  USN-2985-1: GNU C Library vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1165192
  1165192 – (CVE-2014-8121) CVE-2014-8121 glibc: Unexpected closing of nss_files databases after lookups causes denial of service (Exploit; Issue Tracking)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
  [security-announce] SUSE-SU-2015:1424-1: important: Security update for (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
  [security-announce] SUSE-SU-2016:0470-1: important: Security update for (Mailing List)
- http://www.securityfocus.com/bid/73038
  GNU glibc CVE-2014-8121 Infinite Loop Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/USN-2985-2
  USN-2985-2: GNU C Library regression | Ubuntu security notices (Third Party Advisory)