Security Bulletin: Vulnerabilities in Open Source glibc affect IBM Security Identity Governance (CVE-2014-8121)

Summary

Vulnerabilities in Open Source glibc that is used by IBM Security Identity Governance. GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop

Vulnerability Details

CVEID: CVE-2014-8121**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102652 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IGI 5.2

Remediation/Fixes

Affected Version

| Remediation Fixes
—|—
IGI Appliance 5.2| 5.2.0.1-ISS-SIGI-IF0002