Mandriva Linux Security Advisory : ncpfs (MDVSA-2010:061)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in ncpfs :

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain
detailed error messages about the results of privileged file-access
attempts, which allows local users to determine the existence of
arbitrary files via the mountpoint name (CVE-2010-0790).

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs
2.2.6 do not properly create lock files, which allows local users to
cause a denial of service (application failure) via unspecified
vectors that trigger the creation of a /etc/mtab~ file that persists
after the program exits (CVE-2010-0791).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 45041 (mandriva_MDVSA-2010-061.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0790
CVE-2010-0791

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now