Paketname
ncpfs
Datum
2010-03-11
Advisory ID
MDVSA-2010:061
Betroffene Versionen
2009.0 x86_64 , MES5 i586 , MNF2.0 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in ncpfs:

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed
error messages about the results of privileged file-access attempts,
which allows local users to determine the existence of arbitrary
files via the mountpoint name (CVE-2010-0790).

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs
2.2.6 do not properly create lock files, which allows local users
to cause a denial of service (application failure) via unspecified
vectors that trigger the creation of a /etc/mtab~ file that persists
after the program exits (CVE-2010-0791).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

2009.0 x86_64

 8e2466b981f678e0300c005d2891b727  2009.0/x86_64/ipxutils-2.2.6-6.2mdv2009.0.x86_64.rpm
 853cf68f0b74bb5338b4a59a2c851f3f  2009.0/x86_64/lib64ncpfs2.3-2.2.6-6.2mdv2009.0.x86_64.rpm
 784e732a2fc55020081a49f08860c0b4  2009.0/x86_64/lib64ncpfs-devel-2.2.6-6.2mdv2009.0.x86_64.rpm
 2c60654e5812e8b2bed23dd25b92a2e6  2009.0/x86_64/ncpfs-2.2.6-6.2mdv2009.0.x86_64.rpm 
 c80af8183956c89533f5d29018a5da3f  2009.0/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

MES5 i586

 67e97534bae7efeb19fbcc9903b6abc0  mes5/i586/ipxutils-2.2.6-6.2mdvmes5.i586.rpm
 9a40d5174ab91bbce961034c60708f15  mes5/i586/libncpfs2.3-2.2.6-6.2mdvmes5.i586.rpm
 5ae0613e36539f1be008969522dbaa95  mes5/i586/libncpfs-devel-2.2.6-6.2mdvmes5.i586.rpm
 30b0ec51a7ab456ecaeb3d98fc6ba292  mes5/i586/ncpfs-2.2.6-6.2mdvmes5.i586.rpm 
 c16bd63bb48549bbee38c14b280c5d54  mes5/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

MNF2.0 i586

 8024befbd43bcf81f84103753610bbb7  mnf/2.0/i586/ipxutils-2.2.6-0.3.M20mdk.i586.rpm
 d97f0d32ad39007d7b2c4634bc84fd27  mnf/2.0/i586/libncpfs2.3-2.2.6-0.3.M20mdk.i586.rpm
 027010fa612a861b59e7b2fb15d7b834  mnf/2.0/i586/libncpfs2.3-devel-2.2.6-0.3.M20mdk.i586.rpm
 4c0f378c6fcc6e2f44688d85435aa439  mnf/2.0/i586/ncpfs-2.2.6-0.3.M20mdk.i586.rpm 
 5a0d9c59bc8086de2bff5667368410e4  mnf/2.0/SRPMS/ncpfs-2.2.6-0.3.M20mdk.src.rpm

2010.0 x86_64

 7a92ccdf00e1969312ceba039a383c5b  2010.0/x86_64/ipxutils-2.2.6-7.2mdv2010.0.x86_64.rpm
 090c7dfaa946377d3973e059133db67c  2010.0/x86_64/lib64ncpfs2.3-2.2.6-7.2mdv2010.0.x86_64.rpm
 b3157282b6c4a3b8d2e5c996a9dc48b4  2010.0/x86_64/lib64ncpfs-devel-2.2.6-7.2mdv2010.0.x86_64.rpm
 722201fa17838a7bbcf75afe9e51d0b9  2010.0/x86_64/ncpfs-2.2.6-7.2mdv2010.0.x86_64.rpm 
 832c3cf3bd76b027e3551f21c42d4e63  2010.0/SRPMS/ncpfs-2.2.6-7.2mdv2010.0.src.rpm

2010.0 i586

 f848b1bfb0d52e4dcdec0b9808ac509a  2010.0/i586/ipxutils-2.2.6-7.2mdv2010.0.i586.rpm
 54aa704c0b1af11e042dcd9672de3e25  2010.0/i586/libncpfs2.3-2.2.6-7.2mdv2010.0.i586.rpm
 93a2e667cd3543960897e35d2cb0cab8  2010.0/i586/libncpfs-devel-2.2.6-7.2mdv2010.0.i586.rpm
 1f8d2304c8140ef4a9f86c5f91dc2503  2010.0/i586/ncpfs-2.2.6-7.2mdv2010.0.i586.rpm 
 832c3cf3bd76b027e3551f21c42d4e63  2010.0/SRPMS/ncpfs-2.2.6-7.2mdv2010.0.src.rpm

2009.1 i586

 550f4e8f2220a1f9897e8acf9c8aa35d  2009.1/i586/ipxutils-2.2.6-7.2mdv2009.1.i586.rpm
 99a731ac177a83950ec5d08a1a2f74cf  2009.1/i586/libncpfs2.3-2.2.6-7.2mdv2009.1.i586.rpm
 5ffd14de2ec5a3585967ca0bdcff5268  2009.1/i586/libncpfs-devel-2.2.6-7.2mdv2009.1.i586.rpm
 04232470e8c0206cf211d2bb991eb5f2  2009.1/i586/ncpfs-2.2.6-7.2mdv2009.1.i586.rpm 
 f9959c23aba2806c3f7fd3078b58d233  2009.1/SRPMS/ncpfs-2.2.6-7.2mdv2009.1.src.rpm

2009.0 i586

 df608af475e518bc672ec54080a71129  2009.0/i586/ipxutils-2.2.6-6.2mdv2009.0.i586.rpm
 bc02fbfe14425e3a3085c9b08c99ae1c  2009.0/i586/libncpfs2.3-2.2.6-6.2mdv2009.0.i586.rpm
 ee0c1b55e7d8135de3d904de32fffba4  2009.0/i586/libncpfs-devel-2.2.6-6.2mdv2009.0.i586.rpm
 32a63bfd400cd0a12cf2f98dbbb2fe37  2009.0/i586/ncpfs-2.2.6-6.2mdv2009.0.i586.rpm 
 c80af8183956c89533f5d29018a5da3f  2009.0/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

CS4.0 i586

 36221d2e2f7f7b6f1afaf8a0fbb4cc43  corporate/4.0/i586/ipxutils-2.2.6-1.2.20060mlcs4.i586.rpm
 04ed54c9ef53c7b7bc8d6c5bc82875ec  corporate/4.0/i586/libncpfs2.3-2.2.6-1.2.20060mlcs4.i586.rpm
 ffc910168a47678c9e26b8a999eebba1  corporate/4.0/i586/libncpfs2.3-devel-2.2.6-1.2.20060mlcs4.i586.rpm
 d62caa887b9a0afede029092cb94210c  corporate/4.0/i586/ncpfs-2.2.6-1.2.20060mlcs4.i586.rpm 
 ad5fc693c4b8099f793e60fd8e362497  corporate/4.0/SRPMS/ncpfs-2.2.6-1.2.20060mlcs4.src.rpm

2008.0 x86_64

 317825e9ba230cb79948eabfffb909f3  2008.0/x86_64/ipxutils-2.2.6-3.2mdv2008.0.x86_64.rpm
 532c1b50f1e7e3c18a8e78c6d9a99674  2008.0/x86_64/lib64ncpfs2.3-2.2.6-3.2mdv2008.0.x86_64.rpm
 05509d44fa66199cce0e607f5f748ce8  2008.0/x86_64/lib64ncpfs2.3-devel-2.2.6-3.2mdv2008.0.x86_64.rpm
 755ee4bbf43040f15faeefad1d6b9bd1  2008.0/x86_64/ncpfs-2.2.6-3.2mdv2008.0.x86_64.rpm 
 5fefe503c4ae846c53e1311c9b7d0fd9  2008.0/SRPMS/ncpfs-2.2.6-3.2mdv2008.0.src.rpm

CS4.0 x86_64

 010aac4bbd8b97be07f4cf95728aa73f  corporate/4.0/x86_64/ipxutils-2.2.6-1.2.20060mlcs4.x86_64.rpm
 dafdc2c37fd80aa4dd23e909cb443600  corporate/4.0/x86_64/lib64ncpfs2.3-2.2.6-1.2.20060mlcs4.x86_64.rpm
 82ddb2436bdf862367339606b2458373  corporate/4.0/x86_64/lib64ncpfs2.3-devel-2.2.6-1.2.20060mlcs4.x86_64.rpm
 2102a419baacc322e3323a2db9b7bd0c  corporate/4.0/x86_64/ncpfs-2.2.6-1.2.20060mlcs4.x86_64.rpm 
 ad5fc693c4b8099f793e60fd8e362497  corporate/4.0/SRPMS/ncpfs-2.2.6-1.2.20060mlcs4.src.rpm

2008.0 i586

 f7a8ca8faffce840a6814724a9f4e13a  2008.0/i586/ipxutils-2.2.6-3.2mdv2008.0.i586.rpm
 e26483fd14e02674e71ad594181ed79e  2008.0/i586/libncpfs2.3-2.2.6-3.2mdv2008.0.i586.rpm
 9451cbbdd8249de6f9c6b2419ae747f9  2008.0/i586/libncpfs2.3-devel-2.2.6-3.2mdv2008.0.i586.rpm
 84d5f1ef0b99acc91bb24554f3f77ae1  2008.0/i586/ncpfs-2.2.6-3.2mdv2008.0.i586.rpm 
 5fefe503c4ae846c53e1311c9b7d0fd9  2008.0/SRPMS/ncpfs-2.2.6-3.2mdv2008.0.src.rpm

2009.1 x86_64

 11400b2d8f1e646ce3913d6a4f9370dc  2009.1/x86_64/ipxutils-2.2.6-7.2mdv2009.1.x86_64.rpm
 90c272182b6d9fb9fdc64dec5ae2a030  2009.1/x86_64/lib64ncpfs2.3-2.2.6-7.2mdv2009.1.x86_64.rpm
 66cfe5705b55b4c1aaa0907dabf77a91  2009.1/x86_64/lib64ncpfs-devel-2.2.6-7.2mdv2009.1.x86_64.rpm
 0ff7654b1c841d8a1fb9d4c45d808306  2009.1/x86_64/ncpfs-2.2.6-7.2mdv2009.1.x86_64.rpm 
 f9959c23aba2806c3f7fd3078b58d233  2009.1/SRPMS/ncpfs-2.2.6-7.2mdv2009.1.src.rpm

MES5 x86_64

 2ea07838c868cf99959b263831cfe51f  mes5/x86_64/ipxutils-2.2.6-6.2mdvmes5.x86_64.rpm
 28c1d5b37556e3143badbf296e6faf59  mes5/x86_64/lib64ncpfs2.3-2.2.6-6.2mdvmes5.x86_64.rpm
 5b697ab26fa6709fd6fb759c0893921e  mes5/x86_64/lib64ncpfs-devel-2.2.6-6.2mdvmes5.x86_64.rpm
 b9674e0cbbb6c61f711760fa05152d26  mes5/x86_64/ncpfs-2.2.6-6.2mdvmes5.x86_64.rpm 
 c16bd63bb48549bbee38c14b280c5d54  mes5/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

Referenzen