CVE-2010-0296

Published: Jun 1, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Affected (39)

Products: Gnu: Glibc

1 product

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.11.1
Gnu Glibc	Version 2.0.1
Gnu Glibc	Version 2.0.2
Gnu Glibc	Version 2.0.3
Gnu Glibc	Version 2.0.4
Gnu Glibc	Version 2.0.5
Gnu Glibc	Version 2.0.6
Gnu Glibc	Version 2.0
Gnu Glibc	Version 2.1.1.6
Gnu Glibc	Version 2.1.1
Gnu Glibc	Version 2.1.2
Gnu Glibc	Version 2.1.3
Gnu Glibc	Version 2.1.9
Gnu Glibc	Version 2.10.1
Gnu Glibc	Version 2.10
Gnu Glibc	Version 2.11
Gnu Glibc	Version 2.1
Gnu Glibc	Version 2.2.1
Gnu Glibc	Version 2.2.2
Gnu Glibc	Version 2.2.3
Gnu Glibc	Version 2.2.4
Gnu Glibc	Version 2.2.5
Gnu Glibc	Version 2.2
Gnu Glibc	Version 2.3.10
Gnu Glibc	Version 2.3.1
Gnu Glibc	Version 2.3.2
Gnu Glibc	Version 2.3.3
Gnu Glibc	Version 2.3.4
Gnu Glibc	Version 2.3.5
Gnu Glibc	Version 2.3.6
Gnu Glibc	Version 2.3
Gnu Glibc	Version 2.4
Gnu Glibc	Version 2.5.1
Gnu Glibc	Version 2.5
Gnu Glibc	Version 2.6.1
Gnu Glibc	Version 2.6
Gnu Glibc	Version 2.7
Gnu Glibc	Version 2.8
Gnu Glibc	Version 2.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (44)

http://frugalware.org/security/662

Source: secalert@redhat.com

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2019/Jun/18

Source: secalert@redhat.com

http://secunia.com/advisories/39900

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43830

Source: secalert@redhat.com

http://secunia.com/advisories/46397

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: secalert@redhat.com

http://securitytracker.com/id?1024043

Source: secalert@redhat.com

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2058

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0412.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-944-1

Source: secalert@redhat.com

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1246

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0863

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=559579

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/59240

Source: secalert@redhat.com

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Jun/14

Source: secalert@redhat.com

http://frugalware.org/security/662

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/Jun/18

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39900

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43830

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/46397

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1024043

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0412.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-944-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1246

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0863

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=559579

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/59240

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Jun/14

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.