LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MeeGo alert MeeGo-SA-10:17 (glibc)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:17.glibc] Glibc encode_name
	Vulnerability 


Date:
    	      Fri, 27 Aug 2010 16:22:59 -0700


Message-ID:
    	      <C89D96E3.363BA%ryan.r.ware@intel.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
==
MeeGo-SA-10:17.glibc                Security Advisory
                                                                MeeGo
Project

Topic:          Glibc encode_name Vulnerability

Category:       Toolchain
Module:         glibc
Announced:      August 3, 2010
Affects:        MeeGo 1.0
Corrected:      August 3, 2010
MeeGo BID: 2638
CVE:  CVE-2010-0296

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

II.  Problem Description

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and
mount.cifs, does not properly handle newline characters in mountpoint
names, which allows local users to cause a denial of service (mtab
corruption), or possibly modify mount options and gain privileges, via
a crafted mount request.
CVSS v2 Base: 7.2 (HIGH)
Access Vector: Locally Exploitable

III. Impact

Potential denial of service or privilege gain via input validation
error (CWE-20)

IV.  Workaround

None

V.   Solution

Update to package glibc-2.11.90-20.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=2638
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/20.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (Darwin)

iQEcBAEBAgAGBQJMeEPsAAoJECxjfBlj7RcKUnsH/0+FGKfWhF58wjZ9Vy+K/eLA
cVnLDk7ohxK8V90Z8Src3wz35c9tCs46o+z2n0ebEBkvoxVSF1yo6RctVNx56gzW
YeGrgJZ/jDnIjA2p3V3w1HkYg8masaRvlGgAxW7ogmZKv4J7U4sb5cnxc2WsvDig
SqEN7407yzW1cLObi3iNmGi7IoyWx682nqC75Y00qI4HUHbpS4tLascCvYiCq28X
Y9/jYOa2OSkmcqJQVrkpcPMbOZMIPXXv4KWYxPHALDPWkW7SMuQN5GHEvnNyvpD7
9Ig8DawEZ0oMJqsmPDlUOaLQ4RbO4dFkgH+9JcsTmPI7697XEdYbIrFGhrZN3Xc=
=GYEG
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds