Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в ncpfs
Опубликовано:11 марта 2010 г.
Источник:
SecurityVulns ID:10685
Тип:локальная
Уровень опасности:
5/10
Описание:DoS-условия, утечка информации.
Затронутые продукты:NCPFS : ncpfs 2.2
CVE:CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.)
 CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.)
 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.)
Оригинальный текстdocumentDan Rosenberg, ncpfs, Multiple Vulnerabilities (11.03.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород