CVE-2010-0015

NameCVE-2010-0015
Descriptionnis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1973-1
NVD severityhigh (attack range: remote)
Debian Bugs560333

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
eglibc (PTS)wheezy2.13-38+deb7u10fixed
wheezy (security)2.13-38+deb7u11fixed
glibc (PTS)jessie2.19-18+deb8u9fixed
jessie (security)2.19-18+deb8u3fixed
stretch, sid2.24-10fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eglibcsource(unstable)2.10.2-4medium560333
glibcsource(unstable)2.10.2-4medium
glibcsourceetch2.3.6.ds1-13etch10highDSA-1973-1
glibcsourcelenny2.7-18lenny2highDSA-1973-1

Search for package or bug name: Reporting problems