Search for vulnerabilities
Vulnerability details: VCID-fn5u-se4q-aaak
Vulnerability ID VCID-fn5u-se4q-aaak
Aliases CVE-2010-0296
Summary The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2011:0412
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0125
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2010-0296
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2010-0296
Reference id Reference type URL
http://frugalware.org/security/662
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0296.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0296
https://bugzilla.redhat.com/show_bug.cgi?id=559579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
http://seclists.org/fulldisclosure/2019/Jun/18
http://secunia.com/advisories/39900
http://secunia.com/advisories/43830
http://secunia.com/advisories/46397
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securitytracker.com/id?1024043
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540
http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540
https://seclists.org/bugtraq/2019/Jun/14
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.ubuntu.com/usn/USN-944-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2010/1246
http://www.vupen.com/english/advisories/2011/0863
583908 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583908
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
CVE-2010-0296 https://nvd.nist.gov/vuln/detail/CVE-2010-0296
GLSA-201011-01 https://security.gentoo.org/glsa/201011-01
RHSA-2011:0412 https://access.redhat.com/errata/RHSA-2011:0412
RHSA-2012:0125 https://access.redhat.com/errata/RHSA-2012:0125
USN-944-1 https://usn.ubuntu.com/944-1/
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0296
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.