what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2010-0296

Status Candidate

Overview

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

Related Files

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
SHA-256 | 5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65
Red Hat Security Advisory 2012-0125-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0296, CVE-2010-0830, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1659, CVE-2011-4609
SHA-256 | b6e05a59af39b290a68a9fe97a9154b04697ee0e444b07fea716715d9493bda2
VMware Security Advisory 2011-0012
Posted Oct 14, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0012 - VMware ESXi and ESX updates to third party libraries and ESX Service Console address several security issues.

tags | advisory
advisories | CVE-2010-0296, CVE-2010-1083, CVE-2010-1323, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075
SHA-256 | 7fd5e9259774393a258a0c189d667e06ba833c9fb8b0cd11fa8fb35727aecafa
Gentoo Linux Security Advisory 201011-01
Posted Nov 16, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
SHA-256 | e7fd1080a732debd69f8864702d36b5571373a61bee34c47c11be74bc1e37420
Debian Linux Security Advisory 2058-1
Posted Jun 12, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2058-1 - Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2008-1391, CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830
SHA-256 | a3e6451fc8bc3981f5bacfe1586c02bc17698e70155ea54426f4c30b9fb42d4b
Mandriva Linux Security Advisory 2010-112
Posted Jun 9, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-112 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4880, CVE-2010-0015, CVE-2010-0296, CVE-2010-0830
SHA-256 | 1539ef48affa2bdd4ff1fbcb10baca165eb4383531035668c0ec1d1d3f31e4c6
Mandriva Linux Security Advisory 2010-111
Posted Jun 9, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-111 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0015, CVE-2010-0296, CVE-2010-0830
SHA-256 | b67df34d081ca3c40a950f5fc06c07bbc5bc25a1e0a4984f6007c19901456d83
Ubuntu Security Notice 944-1
Posted May 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 944-1 - Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2008-1391, CVE-2010-0296, CVE-2010-0830
SHA-256 | 3912a2ecbd425f205230279f33dba703af4f372c3f17130c8ea1d9cf79a904f4
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close