About details of CVE-2014-8121.
Issue
-
We received some questions regarding CVE-2014-8121 from our customer. Could you please answer the following questions?
-
We think that whether this vulnerability affects or not depends on how APP which uses NSS-related function included in libnss_file library uses the function. Is it correct?
-
httpd and named load libnss_file library. Does this vulnerability affect httpd and named shipped in RHEL5?
-
If httpd and named are affected then we want to know the condition to be affected. Which is affected, access from remote or local? Or all accesses may be affected without any condition?
-
Environment
- Red Hat Enterprise Linux 5.7
- glibc
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.