Mandriva Linux Security Advisory : ncpfs (MDVSA-2010:061)
Low Nessus Plugin ID 45041
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in ncpfs :
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name (CVE-2010-0790).
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits (CVE-2010-0791).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.