Computer Security
[EN] securityvulns.ru no-pyccku


glibc getpwname information leak
Published:20.01.2010
Source:
SecurityVulns ID:10537
Type:library
Threat Level:
7/10
Description:Records from passwd.adjunct.byname map are added to passwd map leading to crypted NIS password disclosure.
Affected:GNU : glibc 2.7
CVE:CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1973-1] New glibc packages fix information disclosure (20.01.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod