Computer Security
[EN] securityvulns.ru no-pyccku


GNU glibc library security vulnerabilities
Published:27.05.2010
Source:
SecurityVulns ID:10874
Type:library
Threat Level:
6/10
Description:Invalid mntent functions string processing, ELF format parsing memory corruption.
Affected:GNU : glibc 2.11
CVE:CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.)
 CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.)
Original documentdocumentUBUNTU, [USN-944-1] GNU C Library vulnerabilities (27.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod