PT-2008-6879 · Gnu+1 · Libc6+2

Dan Rosenberg +1 · Published 1970-01-01 · Updated 2023-02-13 · CVE-2010-0296

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc versions prior to 2.11.2
libc6 versions prior to 2.11.2
libc6-dev versions prior to 2.11.2
glibc-2.3.4
glibc-profile-2.3.4
glibc-headers-2.3.4
glibc-utils-2.3.4
glibc-common-2.3.4
glibc-devel-2.3.4
glibc-debuginfo
glibc-profile-64bit
glibc-locale-64bit
glibc-dceext
glibc-dceext-32bit
libc6-i386
libc6-sparcv9b
libc6-mipsn32
libc6-xen
libc6-amd64
libc6-sparc64
libc6-ppc64
libc6-mips64
libc6-s390x
libc6-dev-sparc64
libc6-dev-mips64
libc6-dev-mipsn32
libc6-dev-ppc64
libc6-dev-s390x
libc6-dev-amd64
libc6.1
libc6.1-dev
libc6.1-pic
libc6.1-udeb
libc6.1-alphaev67
libc6-dbg
libc6-prof
libc6-pic
libnss-dns-udeb
libnss-files-udeb
locales
locales-all
nptl-devel-2.3.4
nscd

Description

Multiple vulnerabilities in the glibc and libc6 packages can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely or locally, depending on the specific package and version. In particular, the encode_name macro in misc/mntent_r.c is vulnerable to newline characters in mountpoint names, which allows local users to cause a denial of service or possibly modify mount options and gain privileges.

Recommendations

For glibc, libc6, and libc6-dev versions prior to 2.11.2, update to version 2.11.2 or later. For glibc-2.3.4, glibc-profile-2.3.4, glibc-headers-2.3.4, glibc-utils-2.3.4, glibc-common-2.3.4, and glibc-devel-2.3.4, update to a version later than 2.3.4. For other affected packages, update to the latest available version. As a temporary workaround, consider disabling the encode_name macro until a patch is available. Restrict access to the vulnerable packages to minimize the risk of exploitation. Avoid using the vulnerable functions and parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
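
The newline handling named in the Description, as an added example that is not glibc's own source: a field encoder for mtab-style records, and a check showing that an unencoded newline in a mountpoint name splits one record into two lines. The function names, the sample device, type and options, and the choice of three-digit octal escapes for space, tab, newline and backslash are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not glibc source. Copies name into out so it can be
 * written as one whitespace-delimited field of an mtab-style line: space,
 * tab, newline and backslash become three-digit octal escapes.
 * Returns the encoded length, or -1 if out is too small. */
static int encode_field(const char *name, char *out, size_t outsz)
{
    size_t w = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        int special = (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\\');
        if (w + (special ? 4 : 1) >= outsz)
            return -1;                      /* keep room for the NUL */
        if (special)
            w += (size_t)snprintf(out + w, outsz - w, "\\%03o", (unsigned)*p);
        else
            out[w++] = (char)*p;
    }
    out[w] = '\0';
    return (int)w;
}

/* Builds one record "fsname dir type opts freq passno\n" (device, type and
 * options are constructed sample values) and returns how many lines a
 * line-oriented reader would see in it, or -1 on overflow. */
static int records_written(const char *dir, int encode)
{
    char field[256], line[512];
    if (encode) {
        if (encode_field(dir, field, sizeof field) < 0)
            return -1;
        dir = field;
    }
    int n = snprintf(line, sizeof line, "/dev/sdb1 %s vfat rw 0 0\n", dir);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    int count = 0;
    for (const char *c = line; *c; c++)
        count += (*c == '\n');
    return count;
}

int main(void)
{
    const char *dir = "/mnt/a\nb";          /* constructed mountpoint name */
    printf("raw: %d line(s), encoded: %d line(s)\n",
           records_written(dir, 0), records_written(dir, 1));
    return 0;
}
```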

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-01134
BDU:2015-01135
BDU:2015-01136
BDU:2015-01137
BDU:2015-01138
BDU:2015-01139
BDU:2015-01140
BDU:2015-01141
BDU:2015-01142
BDU:2015-01143
BDU:2015-01144
BDU:2015-01145
BDU:2015-01146
BDU:2015-01147
BDU:2015-01148
BDU:2015-01149
BDU:2015-01150
BDU:2015-01151
BDU:2015-01152
BDU:2015-01153
BDU:2015-01154
BDU:2015-01155
BDU:2015-01156
BDU:2015-01157
BDU:2015-01158
BDU:2015-01159
BDU:2015-01160
BDU:2015-01161
BDU:2015-01162
BDU:2015-01163
BDU:2015-01164
BDU:2015-01165
BDU:2015-01166
BDU:2015-01167
BDU:2015-01168
BDU:2015-01169
BDU:2015-01170
BDU:2015-04440
BDU:2015-04441
BDU:2015-04442
BDU:2015-04443
BDU:2015-04444
BDU:2015-04445
BDU:2015-04446
BDU:2015-04447
BDU:2015-05982
BDU:2015-05983
BDU:2015-05984
BDU:2015-05985
BDU:2015-05986
BDU:2015-05987
BDU:2015-06020
BDU:2015-08584
BDU:2015-08585
BDU:2015-08586
BDU:2015-08587
BDU:2015-08588
BDU:2015-08589
BDU:2015-09412
BDU:2017-00285
CVE-2010-0296
DSA-2058-1
RHSA-2011:0412
RHSA-2011_0412
RHSA-2012:0125
RHSA-2012_0125

Affected Products

Red Hat
Glibc
Libc6