SB2016120710 - Credentials management in Glibc
Published: December 7, 2016 Updated: June 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Credentials management (CVE-ID: CVE-2010-0015)
CWE-ID: CWE-255 - Credentials Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
Remediation
Install update from vendor's website.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
- http://marc.info/?l=oss-security&m=126320356003425&w=2
- http://marc.info/?l=oss-security&m=126320570505651&w=2
- http://sourceware.org/bugzilla/show_bug.cgi?id=11134
- http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
- http://www.openwall.com/lists/oss-security/2010/01/07/3
- http://www.openwall.com/lists/oss-security/2010/01/08/1
- http://www.openwall.com/lists/oss-security/2010/01/08/2
- http://www.openwall.com/lists/oss-security/2010/01/11/6
- https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html