CVE 2010-0296
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
Related bugs and status
CVE-2010-0296 (Candidate) is related to these bugs:
Bug #392501: readdir_r smashes stack on long dir entry
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | GLibC | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu) | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Hardy) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Hardy) | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Lucid) | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Lucid) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Karmic) | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Karmic) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Intrepid) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Intrepid) | Medium | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Dapper) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Dapper) | Medium | Fix Released | ||
392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Jaunty) | Undecided | Invalid | ||
392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Jaunty) | Medium | Fix Released |
Bug #542197: Memory corruption in ld.so
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
542197 | Memory corruption in ld.so | glibc (Ubuntu) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Intrepid) | Low | Won't Fix | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Hardy) | Low | Fix Released | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Karmic) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Dapper) | Low | Fix Released | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Lucid) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | glibc (Ubuntu Jaunty) | Low | Fix Released | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu) | Low | Fix Released | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Dapper) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Hardy) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Intrepid) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Jaunty) | Undecided | Invalid | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Karmic) | Low | Fix Released | ||
542197 | Memory corruption in ld.so | eglibc (Ubuntu Lucid) | Low | Fix Released |
See the
CVE page on Mitre.org
for more details.