Ubuntu 24.04 LTS USN-6804-1 Critical: glibc nscd DoS Attack

May 31, 2024
Several security flaws in the glibc nscd daemon were fixed in Ubuntu. They allow a local attacker to cause a denial of service.

Summary

Several security issues were fixed in GNU C Library.

Software Description:

- glibc: GNU C Library

Details:

It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-33599)

It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-33600)

It was discovered that GNU C Library nscd daemon did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-33601)

It was discovered that GNU C Library nscd daemon did not properly handle memory allocation, which could lead to memory corruption. A local attacker could use this to cause a denial of service (syste...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  nscd                            2.39-0ubuntu8.2

Ubuntu 23.10
  nscd                            2.38-1ubuntu6.3

Ubuntu 22.04 LTS
  nscd                            2.35-0ubuntu3.8

Ubuntu 20.04 LTS
  nscd                            2.31-0ubuntu9.16

Ubuntu 18.04 LTS
  nscd                            2.27-3ubuntu1.6+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  nscd                            2.23-0ubuntu11.3+esm7
                                  Available with Ubuntu Pro

After a standard system update you need to restart nscd to make
all the necessary changes.
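
The following script is an added example, not part of the Ubuntu notice. It checks a host against the fixed versions listed above and flags an nscd process that is still running the pre-update binary. The function names and the `--check` argument are illustrative, and reading `/proc/PID/exe` is assumed to run as root.

```shell
#!/bin/sh
# Added example: fixed nscd versions copied from the table in this notice.
fixed_version_for() {
  case "$1" in
    24.04) echo "2.39-0ubuntu8.2" ;;
    23.10) echo "2.38-1ubuntu6.3" ;;
    22.04) echo "2.35-0ubuntu3.8" ;;
    20.04) echo "2.31-0ubuntu9.16" ;;
    18.04) echo "2.27-3ubuntu1.6+esm3" ;;
    16.04) echo "2.23-0ubuntu11.3+esm7" ;;
    *) return 1 ;;
  esac
}

# nscd_status RELEASE INSTALLED_VERSION
# Prints: patched | vulnerable | not-installed | unknown-release
nscd_status() {
  if [ -z "$2" ]; then echo "not-installed"; return 0; fi
  fixed=$(fixed_version_for "$1") || { echo "unknown-release"; return 0; }
  # dpkg's own comparison handles suffixes such as "+esm3" correctly.
  if dpkg --compare-versions "$2" ge "$fixed"; then
    echo "patched"
  else
    echo "vulnerable"
  fi
}

# exe_is_stale LINK_TARGET: true when /proc/PID/exe points at a binary that
# was replaced on disk, i.e. the daemon still runs the pre-update code.
exe_is_stale() {
  case "$1" in *" (deleted)") return 0 ;; *) return 1 ;; esac
}

check_host() {
  release=$(. /etc/os-release && echo "$VERSION_ID")
  state=$(dpkg-query -W -f='${Status} ${Version}' nscd 2>/dev/null || true)
  case "$state" in
    "install ok installed "*) installed=${state##* } ;;
    *) installed="" ;;
  esac
  echo "release=$release nscd=${installed:-none} status=$(nscd_status "$release" "$installed")"
  for pid in $(pidof nscd 2>/dev/null || true); do
    if exe_is_stale "$(readlink "/proc/$pid/exe" 2>/dev/null)"; then
      echo "nscd pid $pid predates the update: restart nscd"
    fi
  done
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

A host that reports `status=patched` but still prints the restart line has the fixed package on disk while the vulnerable daemon keeps running.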

References

https://ubuntu.com/security/notices/USN-6804-1

CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Severity
critical

Ubuntu Security Notice USN-6804-1
