CVE-2010-0296

DEB

MediumConfirmedExploit available

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, …

CVSS

4.3

Medium

EPSS

0.00

p30

Published

2010-01-01

Updated

2010-01-01

Description

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Tags · CWE

CWE-20

CAPEC-3

CAPEC-7

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-13

CAPEC-14

CAPEC-22

CAPEC-23

CAPEC-24

CAPEC-28

CAPEC-31

CAPEC-42

CAPEC-43

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-52

CAPEC-53

CAPEC-63

CAPEC-64

CAPEC-67

CAPEC-71

CAPEC-72

CAPEC-73

CAPEC-78

CAPEC-79

CAPEC-80

CAPEC-81

CAPEC-83

CAPEC-85

CAPEC-88

CAPEC-101

CAPEC-104

CAPEC-108

CAPEC-109

CAPEC-110

CAPEC-120

CAPEC-135

CAPEC-136

CAPEC-153

CAPEC-182

CAPEC-209

CAPEC-230

CAPEC-231

CAPEC-250

CAPEC-261

CAPEC-267

CAPEC-473

CAPEC-588

CAPEC-664

Affected products

Glibc ≤ 2.11.1Glibc

CVSS vector

AV:L/AC:L/Au:S/C:P/I:P/A:P

Timeline

2010-01-01

Published

2010-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Authentication

Au: S

Single

Confidentiality Impact

C: P

Partial

Integrity Impact

I: P

Partial

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.001 · p30

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027Obfuscated Files or Information

└ via CAPEC-267 · CWE-20

T1036.001Invalid Code Signature

└ via CAPEC-473 · CWE-20

T1539Steal Web Session Cookie

└ via CAPEC-31 · CWE-20

T1553.002Code Signing

└ via CAPEC-473 · CWE-20

T1574.006Dynamic Linker Hijacking

└ via CAPEC-13 · CWE-20

T1574.007Path Interception by PATH Environment Variable

└ via CAPEC-13 · CWE-20

Known exploits — Сканер-ВС

15274

exploitdb · https://www.exploit-db.com/exploits/15274

Enterprise

15304

exploitdb · https://www.exploit-db.com/exploits/15304

Enterprise

17120

exploitdb · https://www.exploit-db.com/exploits/17120

Enterprise

18105

exploitdb · https://www.exploit-db.com/exploits/18105

Enterprise

31550

exploitdb · https://www.exploit-db.com/exploits/31550

Enterprise

33230

exploitdb · https://www.exploit-db.com/exploits/33230

Enterprise

36404

exploitdb · https://www.exploit-db.com/exploits/36404

Enterprise

44024

exploitdb · https://www.exploit-db.com/exploits/44024

Enterprise

44025

exploitdb · https://www.exploit-db.com/exploits/44025

Enterprise

CVE-2010-3847

github-poc · https://github.com/magisterquis/cve-2010-3847

Enterprise

Affected software

Product	Vendor	Status
eglibc		Tracked
glibc		Tracked
glibc		Tracked
glibc		Tracked
glibc		Tracked
glibc	*	Tracked

Source databases

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2015-01134 BDU:2015-01135 BDU:2015-01136 BDU:2015-01137 BDU:2015-01138 BDU:2015-01139 BDU:2015-01140 BDU:2015-01141 BDU:2015-01142 BDU:2015-01143 BDU:2015-01144 BDU:2015-01145 BDU:2015-01146 BDU:2015-01147 BDU:2015-01148 BDU:2015-01149 BDU:2015-01150 BDU:2015-01151 BDU:2015-01152 BDU:2015-01153 BDU:2015-01154 BDU:2015-01155 BDU:2015-01156 BDU:2015-01157 BDU:2015-01158 BDU:2015-01159 BDU:2015-01160 BDU:2015-01161 BDU:2015-01162 BDU:2015-01163 BDU:2015-01164 BDU:2015-01165 BDU:2015-01166 BDU:2015-01167 BDU:2015-01168 BDU:2015-01169 BDU:2015-01170 BDU:2015-04440 BDU:2015-04441 BDU:2015-04442 BDU:2015-04443 BDU:2015-04444 BDU:2015-04445 BDU:2015-04446 BDU:2015-04447 BDU:2015-05982 BDU:2015-05983 BDU:2015-05984 BDU:2015-05985 BDU:2015-05986 BDU:2015-05987 BDU:2015-06020 BDU:2015-08584 BDU:2015-08585 BDU:2015-08586 BDU:2015-08587 BDU:2015-08588 BDU:2015-08589 BDU:2015-09412 BDU:2017-00285