CVE-2014-9402

Published: Feb 24, 2015Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Affected (7)

Products: Gnu: Glibc · Canonical: Ubuntu Linux · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.20

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

References (28)

http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html

Source: secalert@redhat.com

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: secalert@redhat.com

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2019/Jun/18

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2019/Sep/7

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/12/18/1

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/71670

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2519-1

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2018:0805

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Jun/14

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Sep/7

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201602-02

Source: secalert@redhat.com

https://sourceware.org/bugzilla/show_bug.cgi?id=17630

Source: secalert@redhat.com

Exploit

http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/Jun/18

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/Sep/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/12/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/71670

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2519-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2018:0805

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Jun/14

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Sep/7

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201602-02

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=17630

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.