|
|
|
|
| |
Credit:
The information has been provided by Dan Rosenberg.
|
| |
Vulnerable Systems:
* ncpfs version 2.2.6
ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that allow a local attacker to unmount arbitrary mountpoints, causing denial-of-service, or mount Netware shares to arbitrary directories, potentially leading to root compromise. This issue was formerly assigned CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap with related bugs in other packages.
ncpumount is vulnerable to an information disclosure vulnerability that allows a local attacker to verify the existence of arbitrary files, violating directory permissions. This issue has been assigned CVE-2010-0790.
ncpmount, ncpumount, and ncplogin create lockfiles insecurely, allowing a local attacker to leave a stale lockfile at /etc/mtab~, causing other mount utilities to fail and creating denial-of-service conditions. This issue has been assigned CVE-2010-0791.
Patch Availability:
A patch has been released that resolves these issues. ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have already been patched against the first vulnerability in this report (CVE-2010-0788, formerly CVE-2009-3297). It has been tested against the latest ncpfs packages distributed by Fedora, Red Hat, and Mandriva. ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been patched against any of these vulnerabilities. It has been tested against the latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release (ftp://platan.vc.cvut.cz/pub/linux/ncpfs/).
Users are advised to recompile from source, or request updated packages from downstream distributors.
CVE Information:
CVE-2010-0788
CVE-2010-0790
CVE-2010-0791
Disclosure Timeline:
March 5, 2010: Advisory published
|
|
|
|
|
