CVE-2010-0393
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2010-0393 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affected Red Hat Enterprise Linux 3 and 4 due to the lack of localization in lppasswd as provided in those releases.
The affected code is present in Red Hat Enterprise Linux 5, however lppasswd is not shipped setuid so is not vulnerable to this issue. If a user were to enable the setuid bit on lppasswd, the impact would only be a crash of lppasswd due to use of FORTIFY_SOURCE protections. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:C/I:N/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
CVE description copyright © 2017, The MITRE Corporation
