CVE-2010-0015

N/A Unknown

Published: January 14, 2010 Modified: April 23, 2026

Description

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126320356003425&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126320570505651&w=2

Source: secalert@redhat.com

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

Source: secalert@redhat.com

http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/07/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/08/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/08/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/11/6

Source: secalert@redhat.com

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126320356003425&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126320570505651&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/07/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/08/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/08/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/11/6

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.5%

81th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-255

Affected Vendors

gnu

Related CVEs

CVE-2026-7024 5.4

CVE-2026-7023 6.3

CVE-2026-7022 7.3

CVE-2026-7021 3.5

CVE-2026-7020 5.6