GNU glibc Denial of Service Vulnerability (CVE-2014-8121)
Release date:
Updated on:
Affected Systems:
GNU glibc
Description:
Bugtraq id: 73038
CVE (CAN) ID: CVE-2014-8121
Glibc is the libc library released by GNU, that is, the c Runtime Library. Glibc is the most underlying api in linux, and almost any other Runtime Library depends on glibc.
The file backend of Name Service Switch (NSS) does not isolate the entire database iteration from the key-Based Query API call. When the application queries the database, it will enter an infinite loop, resulting in a denial of service.
<* Source: Robin Hack
*>
Suggestion:
Vendor patch:
GNU
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.gnu.org
Dangerous! GHOST (GHOST) vulnerability exposure
GNU glibc gethostbyname Buffer Overflow Vulnerability
Glibc gethostbyname Buffer Overflow Vulnerability (CVE-2015-0235)
Linux glibc ghost vulnerability test and repair methods