CVE-2010-0296

Name: CVE-2010-0296
Description: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2058-1
NVD severity: high (attack range: local)
Debian Bugs: 583908
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| eglibc (PTS) | squeeze | 2.11.3-4 | fixed |
| | squeeze (lts) | 2.11.3-4+deb6u5 | fixed |
| | wheezy | 2.13-38+deb7u6 | fixed |
| | wheezy (security) | 2.13-38+deb7u8 | fixed |
| glibc (PTS) | stretch, jessie, sid | 2.19-18 | fixed |

The information below is based on the following data on fixed versions.

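| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| eglibc | source | (unstable) | 2.11-1 | high | | |
| glibc | source | (unstable) | 2.11-1 | high | | 583908 |
| glibc | source | lenny | 2.7-18lenny4 | high | DSA-2058-1 | |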

Notes

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
