CVE-2015-5277

Impact: Important
Public Date: 2015-09-14
CWE: CWE-119
Bugzilla: 1262914: CVE-2015-5277 glibc: data corruption while reading the NSS files database

It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.

Find out more about CVE-2015-5277 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 3.7
Base Metrics: AV:L/AC:H/Au:N/C:P/I:P/A:P
Access Vector: Local
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                     Errata           Release Date
Red Hat Enterprise Linux 7 (glibc)                           RHSA-2015:2172   2015-11-19
Red Hat Enterprise Linux Extended Update Support 7.1 (glibc) RHSA-2015:2589   2015-12-09

Affected Packages State

Platform                     Package   State
Red Hat Enterprise Linux 6   glibc     Not affected
Red Hat Enterprise Linux 5   glibc     Not affected

Acknowledgements

This issue was discovered by Sumit Bose and Lukáš Slebodník of Red Hat.
