|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:028: ncpfs Vulnerability Scan
Vulnerability Scan Summary Check for the version of the ncpfs package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:028 (ncpfs).
Erik Sjolund discovered two vulnerabilities in programs bundled with ncpfs. Due
to a flaw in nwclient.c, utilities that use the NetWare client functions
insecurely access files with elevated rights (CVE-2005-0013), and there is
a potentially exploitable buffer overflow in the ncplogin program
(CVE-2005-0014).
As well, an older vulnerability found by Karol Wiesek is corrected with these
new versions of ncpfs. Karol found a buffer overflow in the handling of the
'-T' option in the ncplogin and ncpmap utilities (CVE-2004-1079).
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:028
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|