Computer Security
[EN] securityvulns.ru no-pyccku


ncpfs multiple security vulnerabilities
Published:11.03.2010
Source:
SecurityVulns ID:10685
Type:local
Threat Level:
5/10
Description:DoS conditions, information disclosure.
Affected:NCPFS : ncpfs 2.2
CVE:CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.)
 CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.)
 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.)
Original documentdocumentDan Rosenberg, ncpfs, Multiple Vulnerabilities (11.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod