CVE-2010-0296

Publication date 7 April 2010

Last updated 24 July 2024

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glibc	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Fixed 2.9-4ubuntu6.2
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2.7-10ubuntu6
	6.06 LTS dapper	Fixed 2.3.6-0ubuntu20.6
eglibc	10.04 LTS lucid	Fixed 2.11.1-0ubuntu7.1
	9.10 karmic	Fixed 2.10.1-0ubuntu17
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-944-1
GNU C Library vulnerabilities
25 May 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-0296