Vulnerabilities > CVE-2005-0013 - Remote vulnerability in NCPFS
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-44.NASL description The remote host is affected by the vulnerability described in GLSA-200501-44 (ncpfs: Multiple vulnerabilities) Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013). Impact : The buffer overflow might allow a malicious remote NetWare server to execute arbitrary code on the NetWare client. Furthermore, a local attacker may be able to create links and access files with elevated privileges using SUID ncpfs utilities. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16435 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16435 title GLSA-200501-44 : ncpfs: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-665.NASL description Erik Sjolund discovered several bugs in ncpfs that provides utilities to use resources from NetWare servers of which one also applies to the stable Debian distribution. Due to accessing a configuration file without further checks with root permissions it is possible to read arbitrary files. last seen 2020-06-01 modified 2020-06-02 plugin id 16311 published 2005-02-04 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16311 title Debian DSA-665-1 : ncpfs - missing privilege release NASL family Fedora Local Security Checks NASL id FEDORA_2005-435.NASL description - Fri Jun 17 2005 Jiri Ryska <jryska at redhat.com> 2.2.4-4.FC3.1 - fixed getuid security bug CVE-2005-0014 - fixed security bug CVE-2004-1079 - Mon Apr 11 2005 Jiri Ryska <jryska at redhat.com> 2.2.4-4.FC3 - fixed getuid security bug CVE-2005-0013 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19464 published 2005-08-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19464 title Fedora Core 3 : ncpfs-2.2.4-4.FC3.1 (2005-435) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-371.NASL description An updated ncpfs package is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ncpfs is a file system that understands the Novell NetWare(TM) NCP protocol. A bug was found in the way ncpfs handled file permissions. ncpfs did not sufficiently check if the file owner matched the user attempting to access the file, potentially violating the file permissions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0013 to this issue. All users of ncpfs are advised to upgrade to this updated package, which contains backported fixes for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 18278 published 2005-05-17 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18278 title RHEL 2.1 : ncpfs (RHSA-2005:371) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-028.NASL description Erik Sjolund discovered two vulnerabilities in programs bundled with ncpfs. Due to a flaw in nwclient.c, utilities that use the NetWare client functions insecurely access files with elevated privileges (CVE-2005-0013), and there is a potentially exploitable buffer overflow in the ncplogin program (CVE-2005-0014). As well, an older vulnerability found by Karol Wiesek is corrected with these new versions of ncpfs. Karol found a buffer overflow in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 16294 published 2005-02-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16294 title Mandrake Linux Security Advisory : ncpfs (MDKSA-2005:028) NASL family SuSE Local Security Checks NASL id SUSE9_9805.NASL description This update fixes the following security issues : - a buffer overflow in ncplogin and ncpmap. Both applications are installed setuid-root on SuSE Linux, but only users of group last seen 2020-06-01 modified 2020-06-02 plugin id 41344 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41344 title SuSE9 Security Update : ncpfs (YOU Patch Number 9805)
Redhat
| advisories |
|
References
- ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
- http://securitytracker.com/id?1013019
- http://www.debian.org/security/2005/dsa-665
- http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:028
- http://www.osvdb.org/13297
- http://www.redhat.com/support/errata/RHSA-2005-371.html
- http://www.securityfocus.com/archive/1/433927/100/0/threaded
- http://www.securityfocus.com/bid/12400