Vulnerability Bulletins |
Múltiples vulnerabilidades en ncpfs |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Aumento de privilegios |
Dificulty | Experto |
Required attacker level | Acceso remoto con cuenta |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | ncpfs |
Description |
|
Se han descubierto dos vulnerabilidades en ncpfs. - CAN-2005-0013: Debido a un error en nwclient.c utilidades que utilizan las funciones de cliente de NetWare acceden a archivos de forma insegura con privilegios. -CAN-2005-0014: Un desbordamiento de búfer en el programa ncplogin. La explotación de estas vulnerabilidades podría permitir a un atacante local obtener un aumento de privilegios. |
|
Solution |
|
Actualización de software Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libncpfs2.3-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libncpfs2.3-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libncpfs2.3-devel-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ncpfs2.3-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm Mandrake Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm Mandrake Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libncpfs2.3-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update Red Hat Linux Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ |
|
Standar resources |
|
Property | Value |
CVE |
CAN-2005-0013 CAN-2005-0014 |
BID | |
Other resources |
|
Mandrakesoft Security Advisories MDKSA-2005:028 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:028 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html Red Hat Security Advisory RHSA-2005:371-06 https://rhn.redhat.com/errata/RHSA-2005-371.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2005-02-02 |
1.1 | Aviso emitido por SUSE (SUSE-SR:2005:003) | 2005-02-07 |
1.2 | Aviso emitido por Red Hat (RHSA-2005:371-06) | 2005-05-18 |