Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-0296
HistoryApr 07, 2010 - 12:00 a.m.

CVE-2010-0296

2010-04-0700:00:00
ubuntu.com
ubuntu.com
12

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or
libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not
properly handle newline characters in mountpoint names, which allows local
users to cause a denial of service (mtab corruption), or possibly modify
mount options and gain privileges, via a crafted mount request.

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarcheglibc< 2.10.1-0ubuntu17UNKNOWN
ubuntu10.04noarcheglibc< 2.11.1-0ubuntu7.1UNKNOWN
ubuntu6.06noarchglibc< 2.3.6-0ubuntu20.6UNKNOWN
ubuntu8.04noarchglibc< 2.7-10ubuntu6UNKNOWN
ubuntu9.04noarchglibc< 2.9-4ubuntu6.2UNKNOWN

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%