Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-09] ncpfs: Buffer overflow in ncplogin and ncpmap Vulnerability Scan
Vulnerability Scan Summary
ncpfs: Buffer overflow in ncplogin and ncpmap
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-09
(ncpfs: Buffer overflow in ncplogin and ncpmap).
Karol Wiesek discovered a buffer overflow in the handling of the
'-T' option in the ncplogin and ncpmap utilities, which are both
installed as SUID root by default.
A local attacker could trigger the buffer overflow by calling one
of these utilities with a carefully crafted command line, potentially
resulting in execution of arbitrary code with root rights.
There is no known workaround at this time.
All ncpfs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.5"
Threat Level: High