Bug#560333: libc6: getpwnam shows shadow passwords of NIS users

To: 560333@bugs.debian.org
Subject: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
Date: Mon, 14 Dec 2009 11:24:14 +0100
Message-id: <20091214112414.9c60189a.Christoph.Pleger@cs.tu-dortmund.de>
Reply-to: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>, 560333@bugs.debian.org

Hello,

the problem is somehow caused by nscd. When I disable passwd caching
in /etc/nscd.conf and then restart nscd, the shadow passwords can only
be seen by root.

Because of the security risk, I recommend to set the severity of this
bug to "critical".

Regards
  Christoph

Reply to:

Follow-Ups:
- Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Bug#561034: Please specify the Homepage in the package
Next by Date: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Previous by thread: Bug#561034: Please specify the Homepage in the package
Next by thread: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Index(es):
- Date
- Thread