Mandrake Linux Security Advisory : ncpfs (MDKSA-2005:028)
High Nessus Plugin ID 16294
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionErik Sjolund discovered two vulnerabilities in programs bundled with ncpfs. Due to a flaw in nwclient.c, utilities that use the NetWare client functions insecurely access files with elevated privileges (CVE-2005-0013), and there is a potentially exploitable buffer overflow in the ncplogin program (CVE-2005-0014).
As well, an older vulnerability found by Karol Wiesek is corrected with these new versions of ncpfs. Karol found a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap utilities (CVE-2004-1079).
SolutionUpdate the affected packages.