CVE-2014-9402
Description
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In glibc before 2.21, the getnetbyname function in the nss_dns backend can enter an infinite loop when processing a DNS positive answer, enabling remote denial of service.
Vulnerability
The nss_dns implementation of getnetbyname() in the GNU C Library (glibc) before version 2.21 contains a flaw that can cause an infinite loop. The bug is present in the DNS backend when the Name Service Switch (NSS) configuration is set to use DNS for network name resolution. When a DNS positive answer is received while a network name is being processed, the function fails to correctly handle the response, leading to a non-terminating loop. All glibc versions prior to 2.21 are affected [1].
Exploitation
An attacker who can send a crafted DNS positive answer to a target system can trigger this vulnerability. No authentication is required, and the attacker only needs network access to send malicious DNS responses to the victim, which may be on the same network or via the internet if the system uses an external resolver. The attack is triggered when the target's getnetbyname() function processes the attacker-controlled DNS response during network name resolution.
Impact
Successful exploitation leads to a denial of service (DoS) condition. The affected function enters an infinite loop, causing the application or process that invoked it to hang indefinitely. This can disrupt services that rely on network name resolution, potentially making the system unresponsive to certain network operations. The loop does not provide code execution or privilege escalation, but it can be used to degrade or disable network functionality.
Mitigation
The vulnerability is fixed in glibc version 2.21 and later. Red Hat Enterprise Linux 7 received an updated package via RHSA-2018:0805, which upgrades glibc to version 2.17-222, which includes the fix [1]. Users should update their glibc packages to the patched versions. If upgrading is not immediately possible, disabling the DNS backend for network name resolution in the NSS configuration may reduce exposure, though this may impact network functionality. No workaround is provided in the available references [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
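The Mitigation paragraph above turns on whether the NSS `networks` database is routed to the `dns` service. The following audit script is an added example, not part of the CVE record or of glibc; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the CVE record: report whether the NSS "networks"
# database is routed to the dns service, the path this CVE depends on.

# Print the services listed for "networks", one per line, with comments
# and [STATUS=action] items removed.
networks_services() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*:/, ": ") }
        $1 == "networks:" {
            gsub(/\[[^]]*\]/, " ")
            for (i = 2; i <= NF; i++) print $i
        }
    ' "$1"
}

# Classify a configuration file: dns-enabled, dns-disabled, or absent.
audit_networks() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    svcs=$(networks_services "$1")
    if [ -z "$svcs" ]; then
        echo "absent"   # no services listed: the library default applies
    elif printf '%s\n' "$svcs" | grep -qx 'dns'; then
        echo "dns-enabled"
    else
        echo "dns-disabled"
    fi
}

# Succeed when an upstream version string such as "2.17" is below 2.21.
# Assumption: distro packages can carry the fix under an older version
# (the page cites RHEL 7's 2.17-222), so confirm against the vendor advisory.
upstream_before_2_21() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -lt 21 ]; }
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hosts:     files dns
networks:  files dns [NOTFOUND=return]   # constructed line
EOF
echo "sample: $(audit_networks "$sample")"
rm -f "$sample"
```

On a host, point `audit_networks` at `/etc/nsswitch.conf` and feed `upstream_before_2_21` the version reported by `getconf GNU_LIBC_VERSION`.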
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- Range: <2.21
- osv-coords, 5 versions:
  - pkg:rpm/opensuse/glibc&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
- (no CPE) range: < 2.24-2.3
- (no CPE) range: < 2.19-20.3
- (no CPE) range: < 2.19-20.3
- (no CPE) range: < 2.19-20.3
- (no CPE) range: < 2.19-20.3
Patches
No patches discovered yet.
References
- sourceware.org/bugzilla/show_bug.cgi (nvd, Exploit)
- lists.opensuse.org/opensuse-updates/2015-02/msg00089.html (nvd)
- packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html (nvd)
- packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html (nvd)
- seclists.org/fulldisclosure/2019/Jun/18 (nvd)
- seclists.org/fulldisclosure/2019/Sep/7 (nvd)
- www.openwall.com/lists/oss-security/2014/12/18/1 (nvd)
- www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (nvd)
- www.securityfocus.com/bid/71670 (nvd)
- www.ubuntu.com/usn/USN-2519-1 (nvd)
- access.redhat.com/errata/RHSA-2018:0805 (nvd)
- seclists.org/bugtraq/2019/Jun/14 (nvd)
- seclists.org/bugtraq/2019/Sep/7 (nvd)
- security.gentoo.org/glsa/201602-02 (nvd)