Executive Summary

Information
Name: CVE-2010-0015
Vendor: Cve
First vendor publication: 2010-01-14
Last vendor modification: 2016-12-07

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015

CWE : Common Weakness Enumeration

% | Id | Name
100% | CWE-255 | Credentials Management

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13320
Title: DSA-1973-1 glibc, eglibc -- information disclosure
Description: Christoph Pleger has discovered that the GNU C Library and its derivatives add information from the passwd.adjunct.byname map to entries in the passwd map, which allows local users to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. For the oldstable distribution, this problem has been fixed in version 2.3.6.ds1-13etch10 of the glibc package. For the stable distribution, this problem has been fixed in version 2.7-18lenny2 of the glibc package. For the unstable distribution this problem has been fixed in version 2.10.2-4 of the eglibc package. We recommend that you upgrade your glibc or eglibc package.
Family: unix
Class: patch
Reference(s): DSA-1973-1, CVE-2010-0015
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 4.0
Product(s): glibc, eglibc
Oval ID: oval:org.mitre.oval:def:6752
Title: DSA-1973 glibc, eglibc -- information disclosure
Description: Christoph Pleger has discovered that the GNU C Library and its derivatives add information from the passwd.adjunct.byname map to entries in the passwd map, which allows local users to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
Family: unix
Class: patch
Reference(s): DSA-1973, CVE-2010-0015
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 4.0
Product(s): glibc, eglibc

CPE : Common Platform Enumeration

Type Description Count
Application 2

OpenVAS Exploits

Date Description
2012-03-12 Name : Ubuntu Update for eglibc USN-1396-1
File : nvt/gb_ubuntu_USN_1396_1.nasl
2010-11-16 Name : SuSE Update for glibc SUSE-SA:2010:052
File : nvt/gb_suse_2010_052.nasl
2010-06-11 Name : Mandriva Update for glibc MDVSA-2010:111 (glibc)
File : nvt/gb_mandriva_MDVSA_2010_111.nasl
2010-06-11 Name : Mandriva Update for glibc MDVSA-2010:112 (glibc)
File : nvt/gb_mandriva_MDVSA_2010_112.nasl
2010-04-06 Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts)
File : nvt/gb_mandriva_MDVA_2010_111.nasl
2010-04-06 Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)
File : nvt/gb_mandriva_MDVA_2010_112.nasl
2010-02-01 Name : Debian Security Advisory DSA 1973-1 (glibc, eglibc)
File : nvt/deb_1973_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61791 GNU C Library / Embedded GLIBC nis/nss_nis/nis-pwd.c getpwnam Function NIS Acc...

Nessus® Vulnerability Scanner

Date Description
2012-03-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-110517.nasl - Type : ACT_GATHER_INFO
2011-06-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-110516.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO
2010-06-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1973.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/an...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
MISC http://sourceware.org/bugzilla/show_bug.cgi?id=11134
MLIST http://marc.info/?l=oss-security&m=126320356003425&w=2
http://marc.info/?l=oss-security&m=126320570505651&w=2
http://www.openwall.com/lists/oss-security/2010/01/07/3
http://www.openwall.com/lists/oss-security/2010/01/08/1
http://www.openwall.com/lists/oss-security/2010/01/08/2
http://www.openwall.com/lists/oss-security/2010/01/11/6
SUSE https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Alert History

Date Information
2021-05-04 12:10:57
  • Multiple Updates
2021-04-22 01:11:26
  • Multiple Updates
2020-05-23 00:25:01
  • Multiple Updates
2016-12-07 09:24:10
  • Multiple Updates
2016-04-26 19:29:10
  • Multiple Updates
2014-02-17 10:53:02
  • Multiple Updates
2013-05-10 23:13:00
  • Multiple Updates