CVE-2010-0296

NameCVE-2010-0296
DescriptionThe encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2058-1
NVD severityhigh (attack range: local)
Debian Bugs583908

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
eglibc (PTS)wheezy2.13-38+deb7u9fixed
wheezy (security)2.13-38+deb7u10fixed
glibc (PTS)jessie2.19-18+deb8u4fixed
jessie (security)2.19-18+deb8u3fixed
stretch, sid2.22-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eglibcsource(unstable)2.11-1high
glibcsource(unstable)2.11-1high583908
glibcsourcelenny2.7-18lenny4highDSA-2058-1

Notes

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540

Search for package or bug name: Reporting problems