CVE-2010-0015
glibc 2.7 and EGLIBC 2.10.2 - Unauthenticated Encrypted Password Disclosure via getpwnam Function
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
References (12)
Core References
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
Mailing List (vendor-advisory, x_refsource_suse): https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
Various Sources (x_refsource_confirm): http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/01/08/2
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/01/07/3
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/01/11/6
Issue Tracking (x_refsource_confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/01/08/1
Mailing List (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=126320570505651&w=2
Patch (x_refsource_misc): http://sourceware.org/bugzilla/show_bug.cgi?id=11134
Mailing List (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=126320356003425&w=2
Scores
EPSS: 0.0154
EPSS Percentile: 81.6%
Details
CWE: CWE-255
Status: published
Products (2)
gnu/glibc 2.7
gnu/glibc 2.10.2
Published: Jan 14, 2010
Tracked Since: Feb 18, 2026