CVE-2010-0296

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

References

http://frugalware.org/security/662

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

http://seclists.org/fulldisclosure/2019/Jun/18

http://secunia.com/advisories/39900

http://secunia.com/advisories/43830

http://secunia.com/advisories/46397

http://security.gentoo.org/glsa/glsa-201011-01.xml

http://securitytracker.com/id?1024043

http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540

http://www.debian.org/security/2010/dsa-2058

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

http://www.redhat.com/support/errata/RHSA-2011-0412.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.ubuntu.com/usn/USN-944-1

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://www.vupen.com/english/advisories/2010/1246

http://www.vupen.com/english/advisories/2011/0863

https://bugzilla.redhat.com/show_bug.cgi?id=559579

https://exchange.xforce.ibmcloud.com/vulnerabilities/59240

https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

https://seclists.org/bugtraq/2019/Jun/14

Details

Source: MITRE

Published: 2010-06-01

Updated: 2019-06-13

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.11.1 (inclusive)

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
89680VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)NessusMisc.
high
89679VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0010) (remote check)NessusMisc.
high
81118OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)NessusOracleVM Local Security Checks
high
70880ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)NessusMisc.
high
68455Oracle Linux 4 : glibc (ELSA-2012-0125)NessusOracle Linux Local Security Checks
high
68244Oracle Linux 5 : glibc (ELSA-2011-0412)NessusOracle Linux Local Security Checks
high
61243Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)NessusScientific Linux Local Security Checks
high
57928RHEL 4 : glibc (RHSA-2012:0125)NessusRed Hat Local Security Checks
high
57923CentOS 4 : glibc (CESA-2012:0125)NessusCentOS Local Security Checks
high
57105SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)NessusSuSE Local Security Checks
high
56508VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
55747VMSA-2011-0010 : VMware ESX third-party updates for Service Console packages glibc and dhcpNessusVMware ESX Local Security Checks
high
53430CentOS 5 : glibc (CESA-2011:0412)NessusCentOS Local Security Checks
high
53291RHEL 5 : glibc (RHSA-2011:0412)NessusRed Hat Local Security Checks
high
51601SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)NessusSuSE Local Security Checks
high
50912SuSE 11 / 11.1 Security Update : glibc (SAT Patch Numbers 3392 / 3393)NessusSuSE Local Security Checks
high
50605GLSA-201011-01 : GNU C library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50377SuSE 10 Security Update : glibc (ZYPP Patch Number 7201)NessusSuSE Local Security Checks
high
50373openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)NessusSuSE Local Security Checks
high
50367openSUSE Security Update : glibc (openSUSE-SU-2010:0914-1)NessusSuSE Local Security Checks
high
49758SuSE9 Security Update : glibc (YOU Patch Number 12641)NessusSuSE Local Security Checks
high
48185Mandriva Linux Security Advisory : glibc (MDVSA-2010:112)NessusMandriva Local Security Checks
high
46861Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilitiesNessusDebian Local Security Checks
high
46849Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)NessusMandriva Local Security Checks
high
46731Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : glibc, eglibc vulnerabilities (USN-944-1)NessusUbuntu Local Security Checks
high