CVE-2010-0296

Priority
Low
Description
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or
libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not
properly handle newline characters in mountpoint names, which allows local
users to cause a denial of service (mtab corruption), or possibly modify
mount options and gain privileges, via a crafted mount request.
References
Assigned-to
kees
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):released (2.7-10ubuntu6)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.11.1-0ubuntu7.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:39 UTC (commit 5347)