CVE-2010-0015
Priority
Low
Description
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and
Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows remote
attackers to obtain the encrypted passwords of NIS accounts by calling the
getpwnam function.
Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows remote
attackers to obtain the encrypted passwords of NIS accounts by calling the
getpwnam function.
References
Bugs
Notes
mdeslaur> in lucid+, in patch debian/patches/any/submitted-nis-shadow.diff
Assigned-to
sbeattie
Package
| Upstream: | released (2.10.2-4) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (2.11.1-0ubuntu7.8) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (2.13-0ubuntu13) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (2.13-0ubuntu13) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2.13-0ubuntu13) |
Patches:
| Vendor: | http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup |
Package
| Upstream: | released (2.10.2-4) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.7-10ubuntu8.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |