[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0015

Date: (C)2010-01-14   (M)2016-12-13
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

Reference:
MDVSA-2010:111
MDVSA-2010:112
SUSE-SA:2010:052
http://www.openwall.com/lists/oss-security/2010/01/07/3
http://www.openwall.com/lists/oss-security/2010/01/08/1
http://www.openwall.com/lists/oss-security/2010/01/08/2
http://www.openwall.com/lists/oss-security/2010/01/11/6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
http://sourceware.org/bugzilla/show_bug.cgi?id=11134
http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

CPE    1
cpe:/a:gnu:glibc:2.7
CWE    1
CWE-255
OVAL    6
oval:org.mitre.oval:def:6752
oval:org.secpod.oval:def:600112
oval:org.secpod.oval:def:300000
oval:org.secpod.oval:def:300095
...

© 2013 SecPod Technologies