Date: Thu, 7 Jan 2010 23:05:28 +0100
From: Aurelien Jarno <>
Cc: Christoph Pleger <>
Subject: CVE id request: GNU libc: NIS shadow password leakage

Hi oss-sec,

Christoph Pleger has reported through the Debian bug tracker [1] that
non-privileged users can read NIS shadow password entries simply
using getpwnam() when nscd is in use.

The issue has already been reported upstream [2], and a proposed patch
is available on [3].

It seems that all GNU libc versions are affected, including derivatives
like EGLIBC.

Could we please get a CVE id for this issue?



Aurelien Jarno	                        GPG: 1024D/F1BCDB73       
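
An added example, not part of the original post: a small C audit check for the behaviour reported above, meant to be run as an unprivileged user on a host that uses NIS with nscd, with account names given as arguments. The function names and the hash-detection heuristic are assumptions of this example; the password field itself is never printed.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Heuristic (an assumption of this example): a field looks like a crypt(3)
 * hash if it uses the modular "$id$..." form or is a 13-character
 * traditional DES string. Placeholders such as "x", "*" or "!" do not match. */
int looks_like_hash(const char *field)
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (field == NULL)
        return 0;
    if (field[0] == '$' && strlen(field) > 3)
        return 1;
    return strlen(field) == 13 && strspn(field, alphabet) == 13;
}

/* Returns -1 if the account is unknown, 1 if getpwnam() hands this process
 * something that looks like a hash, 0 otherwise. */
int audit_account(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    return looks_like_hash(pw->pw_passwd);
}

int main(int argc, char **argv)
{
    int exposed = 0;
    /* The report concerns unprivileged callers, so a root run proves nothing. */
    if (geteuid() == 0)
        fprintf(stderr, "warning: run this check as an unprivileged user\n");
    for (int i = 1; i < argc; i++) {
        int r = audit_account(argv[i]);
        if (r < 0)
            printf("%s: no such account\n", argv[i]);
        else
            printf("%s: %s\n", argv[i], r ? "HASH VISIBLE" : "ok");
        exposed |= (r == 1);
    }
    return exposed; /* non-zero exit if any account exposed a hash */
}
```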
