CVE-2010-0015
glibc - information disclosure
EPSS 1.5%
Description
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
How to fix CVE-2010-0015
To remediate CVE-2010-0015, upgrade the affected package to one of the fixed versions listed below.
- Debian/glibc—upgrade to 2.10.2-4 or later
- Debian/glibc—upgrade to 2.3.6.ds1-13etch10 or later
Is CVE-2010-0015 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.10.2-4
- from 0, < 2.3.6.ds1-13etch10