Vulnerability Details : CVE-2010-0788
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
Vulnerability category: Denial of service
Products affected by CVE-2010-0788
- cpe:2.3:a:ncpfs:ncpfs:2.2.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0788
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0788
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
CWE ids for CVE-2010-0788
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0788
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:013
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:012
- http://www.securityfocus.com/bid/38563
  ncpfs Multiple Local Vulnerabilities
- http://www.securityfocus.com/archive/1/509894/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/archive/1/509893/100/0/threaded
  SecurityFocus
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html
  [SECURITY] Fedora 12 Update: ncpfs-2.2.6-13.fc12
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html
  [SECURITY] Fedora 11 Update: ncpfs-2.2.6-12.fc11
- https://bugzilla.redhat.com/show_bug.cgi?id=558833
  558833 – CVE-2009-3297 samba, fuse, ncpfs: Race condition by mount (mount.cifs, ncpmount) / umount (fusermount, ncpumount) operations [Fedora all]
- http://seclists.org/fulldisclosure/2010/Mar/122
  Full Disclosure: ncpfs, Multiple Vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=532940
  532940 – (CVE-2010-0788) CVE-2010-0788 ncpfs: Race condition by mount (ncpmount) / umount (ncpumount) operations