RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)

Nessus Plugin ID 88862 (severity: low)

Synopsis

The remote Red Hat host is potentially affected by a denial of service vulnerability.

Description

The remote Red Hat Enterprise Linux host has a version of glibc installed that is similar in patching level to version 2.21 of the official glibc library. It is, therefore, potentially affected by a denial of service vulnerability due to improper handling of alias names supplied to the getnetbyname() function. A remote attacker can exploit this to cause an infinite loop by sending a positive answer to the host while a network name is being processed.

Note that Red Hat has no plans to release a patch, since the host is only affected by the vulnerability if it is running the non-standard 'networks: files dns' configuration in /etc/nsswitch.conf and is also targeted by a separate DNS spoofing attack.

Solution

No patch from Red Hat is currently available. However, users are advised to check their settings and upgrade to a glibc package released after February 2nd, 2015.
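A way to perform the settings check the solution refers to, added here as an example and not part of Tenable's plugin code: it reports whether an nsswitch.conf lists dns as a source for the networks database. It assumes a POSIX shell with sed and awk; the sample file at the end is constructed and stands in for /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: flag the non-standard "networks: ... dns" lookup order that the
# advisory names as the precondition for CVE-2014-9402.
# Exit status: 0 = dns not listed for networks, 1 = dns listed,
#              2 = file unreadable or no networks line (inconclusive).
check_networks_dns() {
    f="${1:-/etc/nsswitch.conf}"
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    # Drop comments, normalise "networks :" to "networks:", take the first such line.
    line=$(sed -e 's/#.*//' -e 's/^[[:space:]]*networks[[:space:]]*:/networks:/' "$f" \
           | awk '$1 == "networks:" { print; exit }')
    if [ -z "$line" ]; then
        echo "INCONCLUSIVE: no networks line in $f"
        return 2
    fi
    # Look for "dns" as a whole source token (action tokens like [NOTFOUND=return] are skipped).
    if printf '%s\n' "$line" \
       | awk '{ for (i = 2; i <= NF; i++) if ($i == "dns") exit 0; exit 1 }'; then
        echo "WARNING: $f sets '$line'; CVE-2014-9402 precondition present"
        return 1
    fi
    echo "OK: $f sets '$line'"
    return 0
}

# Demonstration on a constructed sample file; run with no argument to check the real host.
sample=$(mktemp)
printf 'passwd:     files\nnetworks:   files dns  # non-standard\n' > "$sample"
check_networks_dns "$sample" || echo "exit status $?"
rm -f "$sample"
```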

See Also

https://www.redhat.com/security/data/cve/CVE-2014-9402.html

Plugin Details

Severity: Low

ID: 88862

File Name: redhat-CVE-2014-9402.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2/19/2016

Updated: 7/25/2018

Configuration: Enable paranoid mode

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 1.2

Temporal Score: 0.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:glibc

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/24/2015

Reference Information

CVE: CVE-2014-9402

BID: 71670