This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Red Hat host is potentially affected by a denial of service
The remote Red Hat Enterprise Linux host has a version of glibc
installed that is similar in patching level to version 2.21 of the
official glibc library. It is, therefore, potentially affected by a
denial of service vulnerability due to improper handling of alias
names supplied to the getnetbyname() function. A remote attacker can
exploit this to cause an invite loop by sending a positive answer to
the host while a network name is being processed.
Note that Red Hat has no plans to release a patch since the host will
only be affected by the vulnerability if it is running a 'networks:
file dns' non-standard configuration in /etc/nsswitch.conf, and the
host is targeted by a separate DNS spoofing attack.
See also :
No patch from Red Hat is currently available. However, users are
advised to check their settings, and upgrade to a glibc package
released after February, 2nd 2015.
Risk factor :
Low / CVSS Base Score : 1.2
CVSS Temporal Score : 0.9
Public Exploit Available : true