Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.vmw:def:289
[Eng]
Version
4
Class
vulnerability
ALTXid
152366
Language
Russian
Severity
High
Title
Уязвимость в VMware ESXi 5.0 (CVE-2010-0296)
Description
Макрос encode_name в misc/mntent_r.c в библиотеке GNU C 2.11.1 и ниже не правильно обрабатывает newline символы в именах точек монтирования, что позволяет локальным пользователям вызвать отказ в обслуживании или изменить параметры монтирования и получить привилегии через специально сформированный mount запрос.
Family
vmware_esxi
Platform
VMware ESXi Server 5.0
Reference
packetstormsecurity: WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials
packetstormsecurity: WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials
Id:
WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials
Reference:
https://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
FSTEC: BDU:2015-09412
FSTEC: BDU:2015-09412
Id:
BDU:2015-09412
Reference:
https://bdu.fstec.ru/vul/2015-09412
FSTEC: BDU:2015-08589
FSTEC: BDU:2015-08589
Id:
BDU:2015-08589
Reference:
https://bdu.fstec.ru/vul/2015-08589
FSTEC: BDU:2015-08588
FSTEC: BDU:2015-08588
Id:
BDU:2015-08588
Reference:
https://bdu.fstec.ru/vul/2015-08588
FSTEC: BDU:2015-08587
FSTEC: BDU:2015-08587
Id:
BDU:2015-08587
Reference:
https://bdu.fstec.ru/vul/2015-08587
FSTEC: BDU:2015-08586
FSTEC: BDU:2015-08586
Id:
BDU:2015-08586
Reference:
https://bdu.fstec.ru/vul/2015-08586
FSTEC: BDU:2015-08585
FSTEC: BDU:2015-08585
Id:
BDU:2015-08585
Reference:
https://bdu.fstec.ru/vul/2015-08585
FSTEC: BDU:2015-08584
FSTEC: BDU:2015-08584
Id:
BDU:2015-08584
Reference:
https://bdu.fstec.ru/vul/2015-08584
FSTEC: BDU:2015-06020
FSTEC: BDU:2015-06020
Id:
BDU:2015-06020
Reference:
https://bdu.fstec.ru/vul/2015-06020
FSTEC: BDU:2015-05987
FSTEC: BDU:2015-05987
Id:
BDU:2015-05987
Reference:
https://bdu.fstec.ru/vul/2015-05987
FSTEC: BDU:2015-05986
FSTEC: BDU:2015-05986
Id:
BDU:2015-05986
Reference:
https://bdu.fstec.ru/vul/2015-05986
FSTEC: BDU:2015-05985
FSTEC: BDU:2015-05985
Id:
BDU:2015-05985
Reference:
https://bdu.fstec.ru/vul/2015-05985
FSTEC: BDU:2015-05984
FSTEC: BDU:2015-05984
Id:
BDU:2015-05984
Reference:
https://bdu.fstec.ru/vul/2015-05984
FSTEC: BDU:2015-05983
FSTEC: BDU:2015-05983
Id:
BDU:2015-05983
Reference:
https://bdu.fstec.ru/vul/2015-05983
FSTEC: BDU:2015-05982
FSTEC: BDU:2015-05982
Id:
BDU:2015-05982
Reference:
https://bdu.fstec.ru/vul/2015-05982
FSTEC: BDU:2015-04447
FSTEC: BDU:2015-04447
Id:
BDU:2015-04447
Reference:
https://bdu.fstec.ru/vul/2015-04447
FSTEC: BDU:2015-04446
FSTEC: BDU:2015-04446
Id:
BDU:2015-04446
Reference:
https://bdu.fstec.ru/vul/2015-04446
FSTEC: BDU:2015-04445
FSTEC: BDU:2015-04445
Id:
BDU:2015-04445
Reference:
https://bdu.fstec.ru/vul/2015-04445
FSTEC: BDU:2015-04444
FSTEC: BDU:2015-04444
Id:
BDU:2015-04444
Reference:
https://bdu.fstec.ru/vul/2015-04444
FSTEC: BDU:2015-04443
FSTEC: BDU:2015-04443
Id:
BDU:2015-04443
Reference:
https://bdu.fstec.ru/vul/2015-04443
FSTEC: BDU:2015-04442
FSTEC: BDU:2015-04442
Id:
BDU:2015-04442
Reference:
https://bdu.fstec.ru/vul/2015-04442
FSTEC: BDU:2015-04441
FSTEC: BDU:2015-04441
Id:
BDU:2015-04441
Reference:
https://bdu.fstec.ru/vul/2015-04441
FSTEC: BDU:2015-04440
FSTEC: BDU:2015-04440
Id:
BDU:2015-04440
Reference:
https://bdu.fstec.ru/vul/2015-04440
FSTEC: BDU:2015-01170
FSTEC: BDU:2015-01170
Id:
BDU:2015-01170
Reference:
https://bdu.fstec.ru/vul/2015-01170
FSTEC: BDU:2015-01169
FSTEC: BDU:2015-01169
Id:
BDU:2015-01169
Reference:
https://bdu.fstec.ru/vul/2015-01169
FSTEC: BDU:2015-01168
FSTEC: BDU:2015-01168
Id:
BDU:2015-01168
Reference:
https://bdu.fstec.ru/vul/2015-01168
FSTEC: BDU:2015-01167
FSTEC: BDU:2015-01167
Id:
BDU:2015-01167
Reference:
https://bdu.fstec.ru/vul/2015-01167
FSTEC: BDU:2015-01166
FSTEC: BDU:2015-01166
Id:
BDU:2015-01166
Reference:
https://bdu.fstec.ru/vul/2015-01166
FSTEC: BDU:2015-01165
FSTEC: BDU:2015-01165
Id:
BDU:2015-01165
Reference:
https://bdu.fstec.ru/vul/2015-01165
FSTEC: BDU:2015-01164
FSTEC: BDU:2015-01164
Id:
BDU:2015-01164
Reference:
https://bdu.fstec.ru/vul/2015-01164
FSTEC: BDU:2015-01163
FSTEC: BDU:2015-01163
Id:
BDU:2015-01163
Reference:
https://bdu.fstec.ru/vul/2015-01163
FSTEC: BDU:2015-01162
FSTEC: BDU:2015-01162
Id:
BDU:2015-01162
Reference:
https://bdu.fstec.ru/vul/2015-01162
FSTEC: BDU:2015-01161
FSTEC: BDU:2015-01161
Id:
BDU:2015-01161
Reference:
https://bdu.fstec.ru/vul/2015-01161
FSTEC: BDU:2015-01160
FSTEC: BDU:2015-01160
Id:
BDU:2015-01160
Reference:
https://bdu.fstec.ru/vul/2015-01160
FSTEC: BDU:2015-01159
FSTEC: BDU:2015-01159
Id:
BDU:2015-01159
Reference:
https://bdu.fstec.ru/vul/2015-01159
FSTEC: BDU:2015-01158
FSTEC: BDU:2015-01158
Id:
BDU:2015-01158
Reference:
https://bdu.fstec.ru/vul/2015-01158
FSTEC: BDU:2015-01157
FSTEC: BDU:2015-01157
Id:
BDU:2015-01157
Reference:
https://bdu.fstec.ru/vul/2015-01157
FSTEC: BDU:2015-01156
FSTEC: BDU:2015-01156
Id:
BDU:2015-01156
Reference:
https://bdu.fstec.ru/vul/2015-01156
FSTEC: BDU:2015-01155
FSTEC: BDU:2015-01155
Id:
BDU:2015-01155
Reference:
https://bdu.fstec.ru/vul/2015-01155
FSTEC: BDU:2015-01154
FSTEC: BDU:2015-01154
Id:
BDU:2015-01154
Reference:
https://bdu.fstec.ru/vul/2015-01154
FSTEC: BDU:2015-01153
FSTEC: BDU:2015-01153
Id:
BDU:2015-01153
Reference:
https://bdu.fstec.ru/vul/2015-01153
FSTEC: BDU:2015-01152
FSTEC: BDU:2015-01152
Id:
BDU:2015-01152
Reference:
https://bdu.fstec.ru/vul/2015-01152
FSTEC: BDU:2015-01151
FSTEC: BDU:2015-01151
Id:
BDU:2015-01151
Reference:
https://bdu.fstec.ru/vul/2015-01151
FSTEC: BDU:2015-01150
FSTEC: BDU:2015-01150
Id:
BDU:2015-01150
Reference:
https://bdu.fstec.ru/vul/2015-01150
FSTEC: BDU:2015-01149
FSTEC: BDU:2015-01149
Id:
BDU:2015-01149
Reference:
https://bdu.fstec.ru/vul/2015-01149
FSTEC: BDU:2015-01148
FSTEC: BDU:2015-01148
Id:
BDU:2015-01148
Reference:
https://bdu.fstec.ru/vul/2015-01148
FSTEC: BDU:2015-01147
FSTEC: BDU:2015-01147
Id:
BDU:2015-01147
Reference:
https://bdu.fstec.ru/vul/2015-01147
FSTEC: BDU:2015-01146
FSTEC: BDU:2015-01146
Id:
BDU:2015-01146
Reference:
https://bdu.fstec.ru/vul/2015-01146
FSTEC: BDU:2015-01145
FSTEC: BDU:2015-01145
Id:
BDU:2015-01145
Reference:
https://bdu.fstec.ru/vul/2015-01145
FSTEC: BDU:2015-01144
FSTEC: BDU:2015-01144
Id:
BDU:2015-01144
Reference:
https://bdu.fstec.ru/vul/2015-01144
FSTEC: BDU:2015-01143
FSTEC: BDU:2015-01143
Id:
BDU:2015-01143
Reference:
https://bdu.fstec.ru/vul/2015-01143
FSTEC: BDU:2015-01142
FSTEC: BDU:2015-01142
Id:
BDU:2015-01142
Reference:
https://bdu.fstec.ru/vul/2015-01142
FSTEC: BDU:2015-01141
FSTEC: BDU:2015-01141
Id:
BDU:2015-01141
Reference:
https://bdu.fstec.ru/vul/2015-01141
FSTEC: BDU:2015-01140
FSTEC: BDU:2015-01140
Id:
BDU:2015-01140
Reference:
https://bdu.fstec.ru/vul/2015-01140
FSTEC: BDU:2015-01139
FSTEC: BDU:2015-01139
Id:
BDU:2015-01139
Reference:
https://bdu.fstec.ru/vul/2015-01139
FSTEC: BDU:2015-01138
FSTEC: BDU:2015-01138
Id:
BDU:2015-01138
Reference:
https://bdu.fstec.ru/vul/2015-01138
FSTEC: BDU:2015-01137
FSTEC: BDU:2015-01137
Id:
BDU:2015-01137
Reference:
https://bdu.fstec.ru/vul/2015-01137
FSTEC: BDU:2015-01136
FSTEC: BDU:2015-01136
Id:
BDU:2015-01136
Reference:
https://bdu.fstec.ru/vul/2015-01136
FSTEC: BDU:2015-01135
FSTEC: BDU:2015-01135
Id:
BDU:2015-01135
Reference:
https://bdu.fstec.ru/vul/2015-01135
FSTEC: BDU:2015-01134
FSTEC: BDU:2015-01134
Id:
BDU:2015-01134
Reference:
https://bdu.fstec.ru/vul/2015-01134
FSTEC: BDU:2017-00285
FSTEC: BDU:2017-00285
Id:
BDU:2017-00285
Reference:
https://bdu.fstec.ru/vul/2017-00285
CVE: CVE-2010-0296
CVE: CVE-2010-0296
Id:
CVE-2010-0296
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
Comment
: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
USN-944-1 (UBUNTU)
https://bugzilla.redhat.com/show_bug.cgi?id=559579 (CONFIRM)
39900 (SECUNIA)
http://frugalware.org/security/662 (CONFIRM)
ADV-2010-1246 (VUPEN)
1024043 (SECTRACK)
MDVSA-2010:112 (MANDRIVA)
MDVSA-2010:111 (MANDRIVA)
DSA-2058 (DEBIAN)
GLSA-201011-01 (GENTOO)
43830 (SECUNIA)
RHSA-2011:0412 (REDHAT)
ADV-2011-0863 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
SUSE-SA:2010:052 (SUSE)
gnuclibrary-encodenamemacro-dos(59240) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (FULLDISC)
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (BUGTRAQ)
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html (MISC)
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540 (MISC)
VMware: VMSA-2011-0012
VMware: VMSA-2011-0012
Id:
VMSA-2011-0012
Reference:
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Content available only for registered users!
ovaldb@altx-soft.com