7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Christoph Pleger has discovered that the GNU C Library (aka glibc) and
its derivatives add information from the passwd.adjunct.byname map to
entries in the passwd map, which allows local users to obtain the
encrypted passwords of NIS accounts by calling the getpwnam function.
For the oldstable distribution (etch), this problem has been fixed in
version 2.3.6.ds1-13etch10 of the glibc package.
For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny2 of the glibc package.
For the unstable distribution (sid) this problem has been fixed in
version 2.10.2-4 of the eglibc package.
We recommend that you upgrade your glibc or eglibc package.
CPE | Name | Operator | Version |
---|---|---|---|
glibc | eq | 2.7-18 | |
glibc | eq | 2.7-18lenny1 |