#VU110096 Buffer overflow in Glibc - CVE-2014-9984

Cybersecurity Help s.r.o.

Published: 2019-06-13 | Updated: 2025-06-03

Vulnerability identifier: #VU110096

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2014-9984

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Glibc: 0.1 - 2.1.97

External links
https://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
https://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
https://seclists.org/fulldisclosure/2019/Jun/18
https://seclists.org/fulldisclosure/2019/Sep/7
https://www.securityfocus.com/bid/99071
https://seclists.org/bugtraq/2019/Jun/14
https://seclists.org/bugtraq/2019/Sep/7
https://sourceware.org/bugzilla/show_bug.cgi?id=16695
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=c44496df2f090a56d3bf75df930592dac6bba46f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in GNU Glibc