Credentials Management Affecting glibc package, versions <2.10.2-4


Severity

Recommended
medium

Based on Debian security rating.

Threat Intelligence

EPSS
2.28% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN9-GLIBC-356690
  • published14 Jan 2010
  • disclosed14 Jan 2010

Introduced: 14 Jan 2010

CVE-2010-0015  (opens in a new tab)
CWE-255  (opens in a new tab)

How to fix?

Upgrade Debian:9 glibc to version 2.10.2-4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

CVSS Scores

version 3.1