QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-0296

Back to search

CVE-2010-0296

Published: Jun 1, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

VendorProductVersions

n/a

n/a

affected
n/a

References

MDVSA-2010:111
vendor-advisory
x_refsource_MANDRIVA
GLSA-201011-01
vendor-advisory
x_refsource_GENTOO
46397
third-party-advisory
x_refsource_SECUNIA
ADV-2010-1246
vdb-entry
x_refsource_VUPEN
RHSA-2011:0412
vendor-advisory
x_refsource_REDHAT
ADV-2011-0863
vdb-entry
x_refsource_VUPEN
USN-944-1
vendor-advisory
x_refsource_UBUNTU
39900
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2010:052
vendor-advisory
x_refsource_SUSE
43830
third-party-advisory
x_refsource_SECUNIA
1024043
vdb-entry
x_refsource_SECTRACK
MDVSA-2010:112
vendor-advisory
x_refsource_MANDRIVA
DSA-2058
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now