Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Package: libc6
Version: 2.7-18
Severity: normal
Hello,
I have several machines where almost all user accounts come by NIS. The NIS
server is running on a Solaris machine. As usual, the Solaris NIS server
exports the passwd data in the map "passwd" and the shadow data in the map
"passwd.adjunct.byname". These two maps are mangled together in some calls
of libc6, for example in getpwnam. This makes it possible for every user who
has an account on the NIS client machine to see the encrypted passwords of
all NIS users. This is a grave security bug.
Furthermore, getspnam returns a NULL pointer for all NIS users, even if
getspnam is called by root.
Regards
Christoph
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.3.2-1.1 GCC support library
libc6 recommends no packages.
Versions of packages libc6 suggests:
pn glibc-doc <none> (no description available)
ii libc6-i686 2.7-18 GNU C Library: Shared libraries [i
ii locales 2.7-18 GNU C Library: National Language (
-- debconf information:
glibc/upgrade: true
glibc/restart-failed:
* glibc/restart-services: ssh openbsd-inetd cron
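An added audit check for the exposure described in the report (not part of the original message and not glibc code): run as an unprivileged user on the NIS client, it walks the passwd database through `getpwent()` and flags accounts whose password field carries a crypt hash instead of a placeholder, without printing the hash. The function names `passwd_field_exposes_hash` and `audit_passwd_db` are hypothetical, and the hash-recognition rules are assumptions covering traditional DES and `$id$` style crypt strings.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return 1 if a pw_passwd field looks like a real
 * crypt(3) hash readable by the caller, 0 if it is only a placeholder. */
int passwd_field_exposes_hash(const char *f)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    if (f == NULL || f[0] == '\0') return 0;   /* empty field: no hash present */
    if (strcmp(f, "x") == 0) return 0;         /* local shadow placeholder */
    if (f[0] == '*' || f[0] == '!') return 0;  /* locked or disabled account */
    if (strncmp(f, "##", 2) == 0) return 0;    /* "##user": adjunct marker left intact */
    if (f[0] == '$')                           /* modular format: $id$salt$hash */
        return strchr(f + 1, '$') != NULL;
    /* traditional DES crypt: exactly 13 characters from the crypt alphabet */
    return strlen(f) == 13 && strspn(f, alphabet) == 13;
}

/* Hypothetical helper: enumerate every entry NSS returns (files, NIS, ...)
 * with the caller's privileges and count those that expose a hash. */
int audit_passwd_db(FILE *report)
{
    struct passwd *pw;
    int exposed = 0;

    setpwent();
    while ((pw = getpwent()) != NULL) {
        if (passwd_field_exposes_hash(pw->pw_passwd)) {
            /* report the account only, never the hash itself */
            fprintf(report, "EXPOSED: %s (uid %lu)\n",
                    pw->pw_name, (unsigned long)pw->pw_uid);
            exposed++;
        }
    }
    endpwent();
    return exposed;
}

int main(void)
{
    int n = audit_passwd_db(stdout);
    printf("%d account(s) expose a password hash via getpwent()\n", n);
    return n ? 1 : 0;   /* non-zero exit status when any account is exposed */
}
```

A non-zero exit status for an ordinary user means the passwd lookup is handing out data that belongs in the shadow database.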