CVE-2010-0015 — Glibc vulnerability

CWE-255 | 11 documents | 9 sources
Severity: 7.5 HIGH (NVD)
EPSS: 1.5% (top 18.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 14
Latest update: May 2

Description

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian | gnu/glibc | < 2.10.2-4 (+3)
NVD | gnu/glibc | 2.10.2, 2.7 (+1)

🔴 Vulnerability Details (3)

GHSA | GHSA-42jr-443g-g58q: nis/nss_nis/nis-pwd | 2022-05-02
CVEList | CVE-2010-0015: nis/nss_nis/nis-pwd | 2010-01-14
OSV | CVE-2010-0015: nis/nss_nis/nis-pwd | 2010-01-14

💥 Exploits & PoCs (2)

Exploit-DB | Apple QuickTime 7.1.3 - RTSP URI Buffer Overflow (Metasploit) | 2010-05-04
Exploit-DB | Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit) | 2010-04-30

📋 Vendor Advisories (3)

Ubuntu | GNU C Library vulnerabilities | 2012-03-09
Debian | CVE-2010-0015: glibc - nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded... | 2010
Red Hat | glibc NIS password hash disclosure | 2009-12-10

💬 Community (2)

Bugzilla | CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493 CVE-2010-1676 CVE-2010-0383 CVE-2010-0385 tor various flaws [epel-5] | 2011-01-20
Bugzilla | CVE-2010-0015 glibc NIS password hash disclosure | 2010-01-14
CVE-2010-0015 — GNU Glibc vulnerability | cvebase