Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:061 (ncpfs)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.66983

Category: Mandrake Local Security Checks

Title: Mandriva Security Advisory MDVSA-2010:061 (ncpfs)

Summary: NOSUMMARY

Description: Description:
The remote host is missing an update to ncpfs
announced via advisory MDVSA-2010:061.

Multiple vulnerabilities has been found and corrected in ncpfs:

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed
error messages about the results of privileged file-access attempts,
which allows local users to determine the existence of arbitrary
files via the mountpoint name (CVE-2010-0790).

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs
2.2.6 do not properly create lock files, which allows local users
to cause a denial of service (application failure) via unspecified
vectors that trigger the creation of a /etc/mtab~
file that persists
after the program exits (CVE-2010-0791).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:061

Risk factor : Medium

CVSS Score:
2.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0790
BugTraq ID: 38563
http://www.securityfocus.com/bid/38563
Bugtraq: 20100305 Re: ncpfs, Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/509894/100/0/threaded
Bugtraq: 20100305 ncpfs, Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/509893/100/0/threaded
http://seclists.org/fulldisclosure/2010/Mar/122
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0791

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.66983
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:061 (ncpfs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ncpfs announced via advisory MDVSA-2010:061. Multiple vulnerabilities has been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name (CVE-2010-0790). The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits (CVE-2010-0791). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:061 Risk factor : Medium CVSS Score: 2.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0790 BugTraq ID: 38563 http://www.securityfocus.com/bid/38563 Bugtraq: 20100305 Re: ncpfs, Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/509894/100/0/threaded Bugtraq: 20100305 ncpfs, Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/509893/100/0/threaded http://seclists.org/fulldisclosure/2010/Mar/122 SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2010-0791
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com