This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/18007] New: nss_files file pointer reset during iteration causes application denial of service (CVE-2014-8121)
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 23 Feb 2015 11:24:17 +0000
- Subject: [Bug network/18007] New: nss_files file pointer reset during iteration causes application denial of service (CVE-2014-8121)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18007
Bug ID: 18007
Summary: nss_files file pointer reset during iteration causes
application denial of service (CVE-2014-8121)
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Flags: security+
Robin Hack discovered that Samba would enter an infinite loop when processing
quota-related requests. It turns out this is a bug in the nss_files database.
Performing a lookup in the middle of an iteration (say, getwuid between
getpwent) effectively resets the file pointer, so that the iteration starts
again from the beginning.
I'll post a patch to libc-alpha shortly.
--
You are receiving this mail because:
You are on the CC list for the bug.