| Summary: | net-fs/ncpfs: multiple vulnerabilities (CVE-2010-{0788,0790,0791}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | net-fs |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=558833 | ||
| Whiteboard: | ~4 [ebuild] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Stefan Behte (RETIRED)
2010-03-06 15:59:15 UTC
Let's combine these two minor issues here. CVE-2010-0790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0790): sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. CVE-2010-0791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0791): The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. CVE-2010-0790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0790): sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. CVE-2010-0791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0791): The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. Fixed in ncpfs-2.2.6-r2. Thanks! |