Vulnerability Bulletins

int(1332)

Vulnerability Bulletins

Múltiples vulnerabilidades en ncpfs
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	ncpfs
Description
Se han descubierto dos vulnerabilidades en ncpfs. - CAN-2005-0013: Debido a un error en nwclient.c utilidades que utilizan las funciones de cliente de NetWare acceden a archivos de forma insegura con privilegios. -CAN-2005-0014: Un desbordamiento de búfer en el programa ncplogin. La explotación de estas vulnerabilidades podría permitir a un atacante local obtener un aumento de privilegios.
Solution
Actualización de software Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libncpfs2.3-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libncpfs2.3-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libncpfs2.3-devel-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ncpfs2.3-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm Mandrake Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm Mandrake Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libncpfs2.3-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update Red Hat Linux Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CAN-2005-0013 CAN-2005-0014
BID
Other resources
Mandrakesoft Security Advisories MDKSA-2005:028 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:028 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html Red Hat Security Advisory RHSA-2005:371-06 https://rhn.redhat.com/errata/RHSA-2005-371.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-02-02
1.1	Aviso emitido por SUSE (SUSE-SR:2005:003)	2005-02-07
1.2	Aviso emitido por Red Hat (RHSA-2005:371-06)	2005-05-18

Vulnerability Bulletins

Múltiples vulnerabilidades en ncpfs

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history