National Cyber Awareness System

Vulnerability Summary for CVE-2010-0296

Overview

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=559579

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=559579

External Source: XF

Name: gnuclibrary-encodenamemacro-dos(59240)

Hyperlink:http://xforce.iss.net/xforce/xfdb/59240

External Source: VUPEN

Name: ADV-2011-0863

Hyperlink:http://www.vupen.com/english/advisories/2011/0863

External Source: VUPEN

Name: ADV-2010-1246

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1246

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0012.html

External Source: UBUNTU

Name: USN-944-1

Hyperlink:http://www.ubuntu.com/usn/USN-944-1

External Source: BUGTRAQ

Name: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/520102/100/0/threaded

External Source: REDHAT

Name: RHSA-2011:0412

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0412.html

External Source: MANDRIVA

Name: MDVSA-2010:112

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

External Source: MANDRIVA

Name: MDVSA-2010:111

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

External Source: DEBIAN

Name: DSA-2058

Hyperlink:http://www.debian.org/security/2010/dsa-2058

External Source: CONFIRM

Name: http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540

Hyperlink:http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540

External Source: SECTRACK

Name: 1024043

Hyperlink:http://securitytracker.com/id?1024043

External Source: GENTOO

Name: GLSA-201011-01

Hyperlink:http://security.gentoo.org/glsa/glsa-201011-01.xml

External Source: SECUNIA

Name: 46397

Hyperlink:http://secunia.com/advisories/46397

External Source: SECUNIA

Name: 43830

Hyperlink:http://secunia.com/advisories/43830

External Source: SECUNIA

Name: 39900

Type: Advisory

Hyperlink:http://secunia.com/advisories/39900

External Source: CONFIRM

Name: http://frugalware.org/security/662

Hyperlink:http://frugalware.org/security/662