CVE-2010-0015

Priority
Low
Description
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and
Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows remote
attackers to obtain the encrypted passwords of NIS accounts by calling the
getpwnam function.
References
Bugs
Notes
mdeslaur> in lucid+, in patch debian/patches/any/submitted-nis-shadow.diff
Assigned-to
sbeattie
Package
Upstream:released (2.10.2-4)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (2.11.1-0ubuntu7.8)
Ubuntu 11.04 (Natty Narwhal):not-affected (2.13-0ubuntu13)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (2.13-0ubuntu13)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2.13-0ubuntu13)
Patches:
Vendor:http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.10.2-4)
Ubuntu 8.04 LTS (Hardy Heron):released (2.7-10ubuntu8.1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:33 UTC (commit 5347)