CVE Vulnerabilities

CVE-2010-0015

Published: Jan 14, 2010 | Modified: Dec 07, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
3.3 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

Affected Software

Name Vendor Start Version End Version
Glibc Gnu 2.7 2.7
Glibc Gnu 2.10.2 2.10.2
Eglibc Ubuntu karmic *
Eglibc Ubuntu upstream *
Glibc Ubuntu dapper *
Glibc Ubuntu hardy *
Glibc Ubuntu intrepid *
Glibc Ubuntu jaunty *
Glibc Ubuntu upstream *

References