Vulnerability Details : CVE-2010-0015
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
Products affected by CVE-2010-0015
- cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0015
- 2.28%: Probability of exploitation activity in the next 30 days
- ~88%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2010-0015
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0015
- http://sourceware.org/bugzilla/show_bug.cgi?id=11134
  11134 – getpwnam shows shadow passwords of NIS users
- https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
  [security-announce] SUSE Security Announcement: glibc (SUSE-SA:2010:052)
- http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup
- http://www.openwall.com/lists/oss-security/2010/01/11/6
  oss-security - Re: CVE id request: GNU libc: NIS shadow password leakage
- http://www.openwall.com/lists/oss-security/2010/01/08/1
  oss-security - Re: CVE id request: GNU libc: NIS shadow password leakage
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
  mandriva.com
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
  #560333 - libc6: getpwnam shows shadow passwords of NIS users - Debian Bug report logs
- http://marc.info/?l=oss-security&m=126320356003425&w=2
  'Re: [oss-security] CVE id request: GNU libc: NIS shadow password' - MARC
- http://marc.info/?l=oss-security&m=126320570505651&w=2
  'Re: [oss-security] CVE id request: GNU libc: NIS shadow password' - MARC
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
  mandriva.com
- http://www.openwall.com/lists/oss-security/2010/01/08/2
  oss-security - Re: CVE id request: GNU libc: NIS shadow password leakage
- http://www.openwall.com/lists/oss-security/2010/01/07/3
  oss-security - CVE id request: GNU libc: NIS shadow password leakage