NCPFS Multiple Remote Vulnerabilities

Bugtraq ID:	12400
Class:	Unknown
CVE:	CVE-2005-0014 CVE-2005-0013
Remote:	Yes
Local:	Yes
Published:	Jan 31 2005 12:00AM
Updated:	Nov 29 2006 11:34PM
Credit:	Erik Sjolund is credited with the discovery of these issues.
Vulnerable:	SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 ncpfs ncpfs 2.2.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux ncpfs ncpfs 2.2.4 + Conectiva Linux Enterprise Edition 1.0 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 + SuSE Linux 8.1 + SuSE Linux 8.0 + SuSE Linux Desktop 1.0 + SuSE Linux Enterprise Server 9 + SuSE SUSE Linux Enterprise Server 8 ncpfs ncpfs 2.2.3 ncpfs ncpfs 2.2.2 ncpfs ncpfs 2.2.1 ncpfs ncpfs 2.2 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 Mandriva Linux Mandrake 10.0 AMD64 Mandriva Linux Mandrake 10.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0
Not Vulnerable:	ncpfs ncpfs 2.2.6 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Mandriva Linux Mandrake 10.0

NCPFS Multiple Remote Vulnerabilities

Multiple remote vulnerabilities affect ncpfs. The utility fails to manage access privileges securely and to validate the length of user-supplied strings before copying them into finite process buffers.

The first issue is a remote buffer-overflow vulnerability. The second issue is an access-validation issue due to the setuid privileges of ncpfs utilities.

An attacker may leverage these issues to execute arbitrary code with the privileges of the affected application and to access arbitrary files with the escalated privileges.

NCPFS Multiple Remote Vulnerabilities


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

NCPFS Multiple Remote Vulnerabilities

Solution:

Please see the referenced advisories for more information.


ncpfs ncpfs 2.2

• Debian ipx_2.2.0.18-10woody2_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_alpha.deb


• Debian ipx_2.2.0.18-10woody2_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_arm.deb


• Debian ipx_2.2.0.18-10woody2_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_hppa.deb


• Debian ipx_2.2.0.18-10woody2_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_i386.deb


• Debian ipx_2.2.0.18-10woody2_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_ia64.deb


• Debian ipx_2.2.0.18-10woody2_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_m68k.deb


• Debian ipx_2.2.0.18-10woody2_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_mips.deb


• Debian ipx_2.2.0.18-10woody2_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_mipsel.deb


• Debian ipx_2.2.0.18-10woody2_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_powerpc.deb


• Debian ipx_2.2.0.18-10woody2_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_s390.deb


• Debian ipx_2.2.0.18-10woody2_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10wo ody2_sparc.deb


• Debian ncpfs_2.2.0.18-10woody2_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_alpha.deb


• Debian ncpfs_2.2.0.18-10woody2_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_arm.deb


• Debian ncpfs_2.2.0.18-10woody2_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_hppa.deb


• Debian ncpfs_2.2.0.18-10woody2_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_i386.deb


• Debian ncpfs_2.2.0.18-10woody2_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_ia64.deb


• Debian ncpfs_2.2.0.18-10woody2_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_m68k.deb


• Debian ncpfs_2.2.0.18-10woody2_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_mips.deb


• Debian ncpfs_2.2.0.18-10woody2_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_mipsel.deb


• Debian ncpfs_2.2.0.18-10woody2_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_powerpc.deb


• Debian ncpfs_2.2.0.18-10woody2_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_s390.deb


• Debian ncpfs_2.2.0.18-10woody2_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10 woody2_sparc.deb

ncpfs ncpfs 2.2.1

• Mandrake ipxutils-2.2.6-0.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ipxutils-2.2.6-0.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• ncpfs ncpfs 2.2.6
  http://knihovny.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.6.tar.gz


• RedHat ipxutils-2.2.1-1.1.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/ipxutils-2.2.1- 1.1.legacy.i386.rpm


• RedHat ncpfs-2.2.1-1.1.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/ncpfs-2.2.1-1.1 .legacy.i386.rpm


• SuSE ncpfs-2.2.1-56.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/ncpfs-2.2.1-56.i5 86.rpm


• SuSE ncpfs-devel-2.2.1-56.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/ncpfs-devel-2.2.1 -56.i586.rpm

ncpfs ncpfs 2.2.2

• ncpfs ncpfs 2.2.6
  http://knihovny.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.6.tar.gz

ncpfs ncpfs 2.2.3

• Mandrake ipxutils-2.2.6-0.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/amd64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ipxutils-2.2.6-0.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ipxutils-2.2.6-0.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ipxutils-2.2.6-0.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-2.2.6-0.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/amd64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-2.2.6-0.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-devel-2.2.6-0.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/amd64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-devel-2.2.6-0.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-2.2.6-0.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-2.2.6-0.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-devel-2.2.6-0.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-devel-2.2.6-0.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/amd64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• ncpfs ncpfs 2.2.6
  http://knihovny.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.6.tar.gz


• RedHat ipxutils-2.2.3-1.1.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/ipxutils-2.2.3- 1.1.legacy.i386.rpm


• RedHat ncpfs-2.2.3-1.1.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/ncpfs-2.2.3-1.1 .legacy.i386.rpm


• SuSE ncpfs-2.2.3-107.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ncpfs-2.2.3-107.i 586.rpm


• SuSE ncpfs-2.2.3-107.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/ncpfs-2.2.3-1 07.x86_64.rpm


• SuSE ncpfs-devel-2.2.3-107.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ncpfs-devel-2.2.3 -107.i586.rpm


• SuSE ncpfs-devel-2.2.3-107.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/ncpfs-devel-2 .2.3-107.x86_64.rpm

ncpfs ncpfs 2.2.4

• Mandrake ipxutils-2.2.6-0.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ipxutils-2.2.6-0.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-2.2.6-0.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64ncpfs2.3-devel-2.2.6-0.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-2.2.6-0.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libncpfs2.3-devel-2.2.6-0.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ncpfs-2.2.6-0.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• ncpfs ncpfs 2.2.6
  http://knihovny.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.6.tar.gz


• RedHat ipxutils-2.2.4-1.1.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/ipxutils-2.2.4- 1.1.legacy.i386.rpm


• RedHat ipxutils-2.2.4-5.FC3.1.legacy.i386.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/i386/ipxutils-2.2.4- 5.FC3.1.legacy.i386.rpm


• RedHat ipxutils-2.2.4-5.FC3.1.legacy.x86_64.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/x86_64/ipxutils-2.2. 4-5.FC3.1.legacy.x86_64.rpm


• RedHat ncpfs-2.2.4-1.1.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/ncpfs-2.2.4-1.1 .legacy.i386.rpm


• RedHat ncpfs-2.2.4-5.FC3.1.legacy.i386.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/i386/ncpfs-2.2.4-5.F C3.1.legacy.i386.rpm


• RedHat ncpfs-2.2.4-5.FC3.1.legacy.x86_64.rpm
  Fedora Core 3:
  http://download.fedoralegacy.org/fedora/3/updates/x86_64/ncpfs-2.2.4-5 .FC3.1.legacy.x86_64.rpm


• RedHat Fedora ipxutils-2.2.4-4.FC3.1.i386.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora ipxutils-2.2.4-4.FC3.1.x86_64.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora ncpfs-2.2.4-4.FC3.1.i386.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora ncpfs-2.2.4-4.FC3.1.x86_64.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora ncpfs-debuginfo-2.2.4-4.FC3.1.i386.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora ncpfs-debuginfo-2.2.4-4.FC3.1.x86_64.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• SuSE ncpfs-2.2.4-25.7.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ncpfs-2.2.4-25.7. i586.rpm


• SuSE ncpfs-2.2.4-25.7.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/ncpfs-2.2.4-2 5.7.x86_64.rpm


• SuSE ncpfs-2.2.4-29.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ncpfs-2.2.4-29.4. i586.rpm


• SuSE ncpfs-2.2.4-29.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/ncpfs-2.2.4-2 9.4.x86_64.rpm


• SuSE ncpfs-devel-2.2.4-25.7.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ncpfs-devel-2.2.4 -25.7.i586.rpm


• SuSE ncpfs-devel-2.2.4-25.7.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/ncpfs-devel-2 .2.4-25.7.x86_64.rpm


• SuSE ncpfs-devel-2.2.4-29.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ncpfs-devel-2.2.4 -29.4.i586.rpm


• SuSE ncpfs-devel-2.2.4-29.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/ncpfs-devel-2 .2.4-29.4.x86_64.rpm

ncpfs ncpfs 2.2.5

• ncpfs ncpfs 2.2.6
  http://knihovny.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.6.tar.gz

NCPFS Multiple Remote Vulnerabilities

References:

• DSA-665-1 ncpfs -- missing privilege release (Debian)
  
• MDKSA-2005:028 - ncpfs (Mandrake)
  
• ncpfs 2.2.6 Change Log (ncpfs)
  
• ncpfs Project Page (ncpfs)
  
• RHSA-2005:371-06 : ncpfs security update (RedHat)