|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-09] ncpfs: Buffer overflow in ncplogin and ncpmap Vulnerability Scan
Vulnerability Scan Summary ncpfs: Buffer overflow in ncplogin and ncpmap
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-09
(ncpfs: Buffer overflow in ncplogin and ncpmap)
Karol Wiesek discovered a buffer overflow in the handling of the
'-T' option in the ncplogin and ncpmap utilities, which are both
installed as SUID root by default.
Impact
A local attacker could trigger the buffer overflow by calling one
of these utilities with a carefully crafted command line, potentially
resulting in execution of arbitrary code with root rights.
Workaround
There is no known workaround at this time.
References:
http://lists.netsys.com/pipermail/full-disclosure/2004-November/029563.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1079
Solution:
All ncpfs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.5"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|