Ncpfs : Security Vulnerabilities, CVEs, Published In 2010
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-03-02
Updated
2018-10-10
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-03-10
Updated
2018-10-10
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-03-10
Updated
2018-10-10
3 vulnerabilities found