This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/18007] New: nss_files file pointer reset during iteration causes application denial of service (CVE-2014-8121)


https://sourceware.org/bugzilla/show_bug.cgi?id=18007

            Bug ID: 18007
           Summary: nss_files file pointer reset during iteration causes
                    application denial of service (CVE-2014-8121)
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: fweimer at redhat dot com
          Reporter: fweimer at redhat dot com
             Flags: security+

Robin Hack discovered that Samba would enter an infinite loop when processing
quota-related requests.  It turns out this is a bug in the nss_files database. 
Performing a lookup in the middle of an iteration (say, getwuid between
getpwent) effectively resets the file pointer, so that the iteration starts
again from the beginning.

I'll post a patch to libc-alpha shortly.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]