Package name
ncpfs
Date
2013-04-05
Advisory ID
MDVSA-2013:048
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in ncpfs:

ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to
the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp
file without first checking whether resource limits would interfere,
which allows local users to trigger corruption of the /etc/mtab file
via a process with a small RLIMIT_FSIZE value, a related issue to
CVE-2011-1089 (CVE-2011-1679).

ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors (CVE-2011-1680).

The updated packages have been patched to correct these issues.

Updated packages

MBS1 x86_64

 c2a727406433af38bc350b28b943ffd5  mbs1/x86_64/ipxutils-2.2.6-11.1.mbs1.x86_64.rpm
 9e6cfac7329f76a0216b19939d9811de  mbs1/x86_64/lib64ncpfs2.3-2.2.6-11.1.mbs1.x86_64.rpm
 5ad7576e7f77873503f643e14b296cda  mbs1/x86_64/lib64ncpfs-devel-2.2.6-11.1.mbs1.x86_64.rpm
 b6532c99f5c8194fc477fc39c29708ac  mbs1/x86_64/ncpfs-2.2.6-11.1.mbs1.x86_64.rpm 
 abc71b5ed182e28ac708e196cb50540a  mbs1/SRPMS/ncpfs-2.2.6-11.1.mbs1.src.rpm

References