7.5

CVE-2010-0015

EPSS 1.82%
Veröffentlicht 14.01.2010 18:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Glibc Version2.7

Gnu ≫ Glibc Version2.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.82%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333

http://marc.info/?l=oss-security&m=126320356003425&w=2

http://marc.info/?l=oss-security&m=126320570505651&w=2

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

http://www.openwall.com/lists/oss-security/2010/01/07/3

http://www.openwall.com/lists/oss-security/2010/01/08/1

http://www.openwall.com/lists/oss-security/2010/01/08/2

http://www.openwall.com/lists/oss-security/2010/01/11/6

https://nvd.nist.gov/vuln/detail/CVE-2010-0015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0015

EUVD