CVE-2010-0015

Published: Jan 14, 2010Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

Affected (2)

Products: Gnu: Glibc

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Version 2.10.2
Gnu Glibc	Version 2.7

Related CWEs

References (24)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126320356003425&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126320570505651&w=2

Source: secalert@redhat.com

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

Source: secalert@redhat.com

http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/07/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/08/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/08/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/11/6

Source: secalert@redhat.com

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126320356003425&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126320570505651&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/07/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/08/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/08/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/11/6

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.