Vulnerability Description
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | 2.7 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
- http://marc.info/?l=oss-security&m=126320356003425&w=2
- http://marc.info/?l=oss-security&m=126320570505651&w=2
- http://sourceware.org/bugzilla/show_bug.cgi?id=11134
- http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/s
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
- http://www.openwall.com/lists/oss-security/2010/01/07/3
- http://www.openwall.com/lists/oss-security/2010/01/08/1
- http://www.openwall.com/lists/oss-security/2010/01/08/2
- http://www.openwall.com/lists/oss-security/2010/01/11/6
- https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
- http://marc.info/?l=oss-security&m=126320356003425&w=2
- http://marc.info/?l=oss-security&m=126320570505651&w=2
FAQ
What is CVE-2010-0015?
CVE-2010-0015 is a vulnerability with a CVSS score of 7.5 (HIGH). nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows re...
How severe is CVE-2010-0015?
CVE-2010-0015 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0015?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc.