Lucene search

K

[email protected]NVD:CVE-2010-0296

HistoryJun 01, 2010 - 8:30 p.m.

CVE-2010-0296

2010-06-0120:30:02

CWE-20

[email protected]

web.nvd.nist.gov

1

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Affected configurations

NVD

Node

gnuglibcRange≤2.11.1

OR

gnuglibcMatch2.0

OR

gnuglibcMatch2.0.1

OR

gnuglibcMatch2.0.2

OR

gnuglibcMatch2.0.3

OR

gnuglibcMatch2.0.4

OR

gnuglibcMatch2.0.5

OR

gnuglibcMatch2.0.6

OR

gnuglibcMatch2.1

OR

gnuglibcMatch2.1.1

OR

gnuglibcMatch2.1.1.6

OR

gnuglibcMatch2.1.2

OR

gnuglibcMatch2.1.3

OR

gnuglibcMatch2.1.9

OR

gnuglibcMatch2.2

OR

gnuglibcMatch2.2.1

OR

gnuglibcMatch2.2.2

OR

gnuglibcMatch2.2.3

OR

gnuglibcMatch2.2.4

OR

gnuglibcMatch2.2.5

OR

gnuglibcMatch2.3

OR

gnuglibcMatch2.3.1

OR

gnuglibcMatch2.3.2

OR

gnuglibcMatch2.3.3

OR

gnuglibcMatch2.3.4

OR

gnuglibcMatch2.3.5

OR

gnuglibcMatch2.3.6

OR

gnuglibcMatch2.3.10

OR

gnuglibcMatch2.4

OR

gnuglibcMatch2.5

OR

gnuglibcMatch2.5.1

OR

gnuglibcMatch2.6

OR

gnuglibcMatch2.6.1

OR

gnuglibcMatch2.7

OR

gnuglibcMatch2.8

OR

gnuglibcMatch2.9

OR

gnuglibcMatch2.10

OR

gnuglibcMatch2.10.1

OR

gnuglibcMatch2.11

References

frugalware.org/security/662

packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

seclists.org/fulldisclosure/2019/Jun/18

secunia.com/advisories/39900

secunia.com/advisories/43830

secunia.com/advisories/46397

security.gentoo.org/glsa/glsa-201011-01.xml

securitytracker.com/id?1024043

sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540

www.debian.org/security/2010/dsa-2058

www.mandriva.com/security/advisories?name=MDVSA-2010:111

www.mandriva.com/security/advisories?name=MDVSA-2010:112

www.redhat.com/support/errata/RHSA-2011-0412.html

www.securityfocus.com/archive/1/520102/100/0/threaded

www.ubuntu.com/usn/USN-944-1

www.vmware.com/security/advisories/VMSA-2011-0012.html

www.vupen.com/english/advisories/2010/1246

www.vupen.com/english/advisories/2011/0863

bugzilla.redhat.com/show_bug.cgi?id=559579

exchange.xforce.ibmcloud.com/vulnerabilities/59240

lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

seclists.org/bugtraq/2019/Jun/14

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

Related for NVD:CVE-2010-0296

cve2 prion2 ubuntucve2 cvelist2 veracode1 debiancve2 nessus28 securityvulns3 nvd1 ubuntu1 openvas31 osv1 debian2 gentoo1 oraclelinux2 vmware4 centos2 redhat2 packetstorm1 suse1