|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7099 CVE : CVE-2010-0790 CVE : CVE-2010-0791 CWE : CWE-200 CWE : CWE-264 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : No Credit : dan j rosenberg Published : 11.03.2010
Advisory Content : =========================================== ncpfs, Multiple Vulnerabilities March 5, 2010 CVE-2010-0788, CVE-2010-0790, CVE-2010-0791 ============================================ ==Description== The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain several vulnerabilities. 1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that allow a local attacker to unmount arbitrary mountpoints, causing denial-of-service, or mount Netware shares to arbitrary directories, potentially leading to root compromise. This issue was formerly assigned CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap with related bugs in other packages. 2. ncpumount is vulnerable to an information disclosure vulnerability that allows a local attacker to verify the existence of arbitrary files, violating directory permissions. This issue has been assigned CVE-2010-0790. 3. ncpmount, ncpumount, and ncplogin create lockfiles insecurely, allowing a local attacker to leave a stale lockfile at /etc/mtab~, causing other mount utilities to fail and creating denial-of-service conditions. This issue has been assigned CVE-2010-0791. ==Workaround== If unprivileged users do not need the ability to mount and unmount Netware shares, then the suid bit should be removed from these utilities. ==Solution== A patch has been released that resolves these issues (attached to this advisory). ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have already been patched against the first vulnerability in this report (CVE-2010-0788, formerly CVE-2009-3297). It has been tested against the latest ncpfs packages distributed by Fedora, Red Hat, and Mandriva. ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been patched against any of these vulnerabilities. It has been tested against the latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release (ftp://platan.vc.cvut.cz/pub/linux/ncpfs/). Users are advised to recompile from source, or request updated packages from downstream distributors. ==Credits== These vulnerabilities were discovered by Dan Rosenberg (dan.j.rosenberg () gmail com). Thanks to Vitezslav Crhonek for the patch against the first issue. ==References== CVE identifiers CVE-2010-0788, CVE-2010-0790, and CVE-2010-0791 have been assigned to these issues. References : http://seclists.org/fulldisclosure/2010/Mar/122
http://www.securityfocus.com/bid/38563
http://www.securityfocus.com/archive/1/archive/1/509894/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/509893/100/0/threaded  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |