Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.3 |
| ncpfs | ncpfs | 2.2.1 |
| ncpfs | ncpfs | 2.2.4 |
| ncpfs | ncpfs | 2.2.2 |
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.3 |
| ncpfs | ncpfs | 2.2.1 |
| ncpfs | ncpfs | 2.2.4 |
| ncpfs | ncpfs | 2.2.5 |
| ncpfs | ncpfs | 2.2.2 |
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.3 |
| ncpfs | ncpfs | * |
| ncpfs | ncpfs | 2.2.1 |
| ncpfs | ncpfs | 2.2.4 |
| ncpfs | ncpfs | 2.2.2 |
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.6 |
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.6 |
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.6 |
ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.3 |
| ncpfs | ncpfs | * |
| ncpfs | ncpfs | 2.2.1 |
| ncpfs | ncpfs | 2.2.4 |
| ncpfs | ncpfs | 2.2.5 |
| ncpfs | ncpfs | 2.2.2 |
ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncpfs | ncpfs | 2.2.3 |
| ncpfs | ncpfs | * |
| ncpfs | ncpfs | 2.2.1 |
| ncpfs | ncpfs | 2.2.4 |
| ncpfs | ncpfs | 2.2.5 |
| ncpfs | ncpfs | 2.2.2 |