What is the severity of CVE-2010-0296?

The severity of CVE-2010-0296 is classified as moderate due to its potential to cause denial of service.

How do I fix CVE-2010-0296?

To fix CVE-2010-0296, update the GNU C Library to version 2.11.2 or later.

What systems are affected by CVE-2010-0296?

CVE-2010-0296 affects various versions of the GNU C Library, specifically versions prior to 2.11.2.

What type of attack does CVE-2010-0296 enable?

CVE-2010-0296 enables local users to cause a denial of service through mtab corruption.

Can CVE-2010-0296 lead to any data modification?

Yes, CVE-2010-0296 may allow local users to modify mountpoint names under certain conditions.

Vulnerability/
CVE-2010-0296

high

7.2

CWE

28/1/2010

25/5/2010

1/6/2010

7/8/2024

CVE-2010-0296: Input Validation

First published: Thu Jan 28 2010(Updated: )

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/glibc	<0:2.5-58.el5_6.2	0:2.5-58.el5_6.2
GNU C Library	<=2.11.1
GNU C Library	=2.0
GNU C Library	=2.0.1
GNU C Library	=2.0.2
GNU C Library	=2.0.3
GNU C Library	=2.0.4
GNU C Library	=2.0.5
GNU C Library	=2.0.6
GNU C Library	=2.1
GNU C Library	=2.1.1
GNU C Library	=2.1.1.6
GNU C Library	=2.1.2
GNU C Library	=2.1.3
GNU C Library	=2.1.9
GNU C Library	=2.2
GNU C Library	=2.2.1
GNU C Library	=2.2.2
GNU C Library	=2.2.3
GNU C Library	=2.2.4
GNU C Library	=2.2.5
GNU C Library	=2.3
GNU C Library	=2.3.1
GNU C Library	=2.3.2
GNU C Library	=2.3.3
GNU C Library	=2.3.4
GNU C Library	=2.3.5
GNU C Library	=2.3.6
GNU C Library	=2.3.10
GNU C Library	=2.4
GNU C Library	=2.5
GNU C Library	=2.5.1
GNU C Library	=2.6
GNU C Library	=2.6.1
GNU C Library	=2.7
GNU C Library	=2.8
GNU C Library	=2.9
GNU C Library	=2.10
GNU C Library	=2.10.1
GNU C Library	=2.11

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2010-0296?
The severity of CVE-2010-0296 is classified as moderate due to its potential to cause denial of service.
How do I fix CVE-2010-0296?
To fix CVE-2010-0296, update the GNU C Library to version 2.11.2 or later.
What systems are affected by CVE-2010-0296?
CVE-2010-0296 affects various versions of the GNU C Library, specifically versions prior to 2.11.2.
What type of attack does CVE-2010-0296 enable?
CVE-2010-0296 enables local users to cause a denial of service through mtab corruption.
Can CVE-2010-0296 lead to any data modification?
Yes, CVE-2010-0296 may allow local users to modify mountpoint names under certain conditions.

agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-0296
agent/type
collector/redhat-cve
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
package-manager/redhat
vendor/gnu
canonical/gnu c library
version/gnu c library/2.11.1
version/gnu c library/2.0
version/gnu c library/2.0.1
version/gnu c library/2.0.2
version/gnu c library/2.0.3
version/gnu c library/2.0.4
version/gnu c library/2.0.5
version/gnu c library/2.0.6
version/gnu c library/2.1
version/gnu c library/2.1.1
version/gnu c library/2.1.1.6
version/gnu c library/2.1.2
version/gnu c library/2.1.3
version/gnu c library/2.1.9
version/gnu c library/2.2
version/gnu c library/2.2.1
version/gnu c library/2.2.2
version/gnu c library/2.2.3
version/gnu c library/2.2.4
version/gnu c library/2.2.5
version/gnu c library/2.3
version/gnu c library/2.3.1
version/gnu c library/2.3.2
version/gnu c library/2.3.3
version/gnu c library/2.3.4
version/gnu c library/2.3.5
version/gnu c library/2.3.6
version/gnu c library/2.3.10
version/gnu c library/2.4
version/gnu c library/2.5
version/gnu c library/2.5.1
version/gnu c library/2.6
version/gnu c library/2.6.1
version/gnu c library/2.7
version/gnu c library/2.8
version/gnu c library/2.9
version/gnu c library/2.10
version/gnu c library/2.10.1
version/gnu c library/2.11