About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Mandriva Security Update Fixes ncpfs Two Local Vulnerabilities

VUPEN ID VUPEN/ADV-2010-0589
CVE ID CVE-2010-0790 - CVE-2010-0791
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Low Risk 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2010-03-12
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Two vulnerabilities have been identified in Mandriva, which could be exploited by local attackers to disclose sensitive information or cause a denial of service. These issues are caused by errors in the "ncpmount", "ncpumount", and "ncplogin" programs when displaying error messages or creating lock files, which could allow local attackers to determine the existence of arbitrary files or cause a denial of service.

Affected Products

Mandriva Linux 2008.0
Mandriva Linux 2009.0
Mandriva Linux 2009.1
Mandriva Linux 2010.0
Mandriva Corporate 4.0
Mandriva Enterprise Server 5.0
Mandriva Multi Network Firewall 2.0

Solution 

Upgrade the affected packages :

Mandriva Linux 2008.0:
f7a8ca8faffce840a6814724a9f4e13a 2008.0/i586/ipxutils-2.2.6-3.2mdv2008.0.i586.rpm
e26483fd14e02674e71ad594181ed79e 2008.0/i586/libncpfs2.3-2.2.6-3.2mdv2008.0.i586.rpm
9451cbbdd8249de6f9c6b2419ae747f9 2008.0/i586/libncpfs2.3-devel-2.2.6-3.2mdv2008.0.i586.rpm
84d5f1ef0b99acc91bb24554f3f77ae1 2008.0/i586/ncpfs-2.2.6-3.2mdv2008.0.i586.rpm
5fefe503c4ae846c53e1311c9b7d0fd9 2008.0/SRPMS/ncpfs-2.2.6-3.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
317825e9ba230cb79948eabfffb909f3 2008.0/x86_64/ipxutils-2.2.6-3.2mdv2008.0.x86_64.rpm
532c1b50f1e7e3c18a8e78c6d9a99674 2008.0/x86_64/lib64ncpfs2.3-2.2.6-3.2mdv2008.0.x86_64.rpm
05509d44fa66199cce0e607f5f748ce8 2008.0/x86_64/lib64ncpfs2.3-devel-2.2.6-3.2mdv2008.0.x86_64.rpm
755ee4bbf43040f15faeefad1d6b9bd1 2008.0/x86_64/ncpfs-2.2.6-3.2mdv2008.0.x86_64.rpm
5fefe503c4ae846c53e1311c9b7d0fd9 2008.0/SRPMS/ncpfs-2.2.6-3.2mdv2008.0.src.rpm

Mandriva Linux 2009.0:
df608af475e518bc672ec54080a71129 2009.0/i586/ipxutils-2.2.6-6.2mdv2009.0.i586.rpm
bc02fbfe14425e3a3085c9b08c99ae1c 2009.0/i586/libncpfs2.3-2.2.6-6.2mdv2009.0.i586.rpm
ee0c1b55e7d8135de3d904de32fffba4 2009.0/i586/libncpfs-devel-2.2.6-6.2mdv2009.0.i586.rpm
32a63bfd400cd0a12cf2f98dbbb2fe37 2009.0/i586/ncpfs-2.2.6-6.2mdv2009.0.i586.rpm
c80af8183956c89533f5d29018a5da3f 2009.0/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
8e2466b981f678e0300c005d2891b727 2009.0/x86_64/ipxutils-2.2.6-6.2mdv2009.0.x86_64.rpm
853cf68f0b74bb5338b4a59a2c851f3f 2009.0/x86_64/lib64ncpfs2.3-2.2.6-6.2mdv2009.0.x86_64.rpm
784e732a2fc55020081a49f08860c0b4 2009.0/x86_64/lib64ncpfs-devel-2.2.6-6.2mdv2009.0.x86_64.rpm
2c60654e5812e8b2bed23dd25b92a2e6 2009.0/x86_64/ncpfs-2.2.6-6.2mdv2009.0.x86_64.rpm
c80af8183956c89533f5d29018a5da3f 2009.0/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
550f4e8f2220a1f9897e8acf9c8aa35d 2009.1/i586/ipxutils-2.2.6-7.2mdv2009.1.i586.rpm
99a731ac177a83950ec5d08a1a2f74cf 2009.1/i586/libncpfs2.3-2.2.6-7.2mdv2009.1.i586.rpm
5ffd14de2ec5a3585967ca0bdcff5268 2009.1/i586/libncpfs-devel-2.2.6-7.2mdv2009.1.i586.rpm
04232470e8c0206cf211d2bb991eb5f2 2009.1/i586/ncpfs-2.2.6-7.2mdv2009.1.i586.rpm
f9959c23aba2806c3f7fd3078b58d233 2009.1/SRPMS/ncpfs-2.2.6-7.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
11400b2d8f1e646ce3913d6a4f9370dc 2009.1/x86_64/ipxutils-2.2.6-7.2mdv2009.1.x86_64.rpm
90c272182b6d9fb9fdc64dec5ae2a030 2009.1/x86_64/lib64ncpfs2.3-2.2.6-7.2mdv2009.1.x86_64.rpm
66cfe5705b55b4c1aaa0907dabf77a91 2009.1/x86_64/lib64ncpfs-devel-2.2.6-7.2mdv2009.1.x86_64.rpm
0ff7654b1c841d8a1fb9d4c45d808306 2009.1/x86_64/ncpfs-2.2.6-7.2mdv2009.1.x86_64.rpm
f9959c23aba2806c3f7fd3078b58d233 2009.1/SRPMS/ncpfs-2.2.6-7.2mdv2009.1.src.rpm

Mandriva Linux 2010.0:
f848b1bfb0d52e4dcdec0b9808ac509a 2010.0/i586/ipxutils-2.2.6-7.2mdv2010.0.i586.rpm
54aa704c0b1af11e042dcd9672de3e25 2010.0/i586/libncpfs2.3-2.2.6-7.2mdv2010.0.i586.rpm
93a2e667cd3543960897e35d2cb0cab8 2010.0/i586/libncpfs-devel-2.2.6-7.2mdv2010.0.i586.rpm
1f8d2304c8140ef4a9f86c5f91dc2503 2010.0/i586/ncpfs-2.2.6-7.2mdv2010.0.i586.rpm
832c3cf3bd76b027e3551f21c42d4e63 2010.0/SRPMS/ncpfs-2.2.6-7.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
7a92ccdf00e1969312ceba039a383c5b 2010.0/x86_64/ipxutils-2.2.6-7.2mdv2010.0.x86_64.rpm
090c7dfaa946377d3973e059133db67c 2010.0/x86_64/lib64ncpfs2.3-2.2.6-7.2mdv2010.0.x86_64.rpm
b3157282b6c4a3b8d2e5c996a9dc48b4 2010.0/x86_64/lib64ncpfs-devel-2.2.6-7.2mdv2010.0.x86_64.rpm
722201fa17838a7bbcf75afe9e51d0b9 2010.0/x86_64/ncpfs-2.2.6-7.2mdv2010.0.x86_64.rpm
832c3cf3bd76b027e3551f21c42d4e63 2010.0/SRPMS/ncpfs-2.2.6-7.2mdv2010.0.src.rpm

Corporate 4.0:
36221d2e2f7f7b6f1afaf8a0fbb4cc43 corporate/4.0/i586/ipxutils-2.2.6-1.2.20060mlcs4.i586.rpm
04ed54c9ef53c7b7bc8d6c5bc82875ec corporate/4.0/i586/libncpfs2.3-2.2.6-1.2.20060mlcs4.i586.rpm
ffc910168a47678c9e26b8a999eebba1 corporate/4.0/i586/libncpfs2.3-devel-2.2.6-1.2.20060mlcs4.i586.rpm
d62caa887b9a0afede029092cb94210c corporate/4.0/i586/ncpfs-2.2.6-1.2.20060mlcs4.i586.rpm
ad5fc693c4b8099f793e60fd8e362497 corporate/4.0/SRPMS/ncpfs-2.2.6-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
010aac4bbd8b97be07f4cf95728aa73f corporate/4.0/x86_64/ipxutils-2.2.6-1.2.20060mlcs4.x86_64.rpm
dafdc2c37fd80aa4dd23e909cb443600 corporate/4.0/x86_64/lib64ncpfs2.3-2.2.6-1.2.20060mlcs4.x86_64.rpm
82ddb2436bdf862367339606b2458373 corporate/4.0/x86_64/lib64ncpfs2.3-devel-2.2.6-1.2.20060mlcs4.x86_64.rpm
2102a419baacc322e3323a2db9b7bd0c corporate/4.0/x86_64/ncpfs-2.2.6-1.2.20060mlcs4.x86_64.rpm
ad5fc693c4b8099f793e60fd8e362497 corporate/4.0/SRPMS/ncpfs-2.2.6-1.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
67e97534bae7efeb19fbcc9903b6abc0 mes5/i586/ipxutils-2.2.6-6.2mdvmes5.i586.rpm
9a40d5174ab91bbce961034c60708f15 mes5/i586/libncpfs2.3-2.2.6-6.2mdvmes5.i586.rpm
5ae0613e36539f1be008969522dbaa95 mes5/i586/libncpfs-devel-2.2.6-6.2mdvmes5.i586.rpm
30b0ec51a7ab456ecaeb3d98fc6ba292 mes5/i586/ncpfs-2.2.6-6.2mdvmes5.i586.rpm
c16bd63bb48549bbee38c14b280c5d54 mes5/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

Mandriva Enterprise Server 5/X86_64:
2ea07838c868cf99959b263831cfe51f mes5/x86_64/ipxutils-2.2.6-6.2mdvmes5.x86_64.rpm
28c1d5b37556e3143badbf296e6faf59 mes5/x86_64/lib64ncpfs2.3-2.2.6-6.2mdvmes5.x86_64.rpm
5b697ab26fa6709fd6fb759c0893921e mes5/x86_64/lib64ncpfs-devel-2.2.6-6.2mdvmes5.x86_64.rpm
b9674e0cbbb6c61f711760fa05152d26 mes5/x86_64/ncpfs-2.2.6-6.2mdvmes5.x86_64.rpm
c16bd63bb48549bbee38c14b280c5d54 mes5/SRPMS/ncpfs-2.2.6-6.2mdv2009.0.src.rpm

Multi Network Firewall 2.0:
8024befbd43bcf81f84103753610bbb7 mnf/2.0/i586/ipxutils-2.2.6-0.3.M20mdk.i586.rpm
d97f0d32ad39007d7b2c4634bc84fd27 mnf/2.0/i586/libncpfs2.3-2.2.6-0.3.M20mdk.i586.rpm
027010fa612a861b59e7b2fb15d7b834 mnf/2.0/i586/libncpfs2.3-devel-2.2.6-0.3.M20mdk.i586.rpm
4c0f378c6fcc6e2f44688d85435aa439 mnf/2.0/i586/ncpfs-2.2.6-0.3.M20mdk.i586.rpm
5a0d9c59bc8086de2bff5667368410e4 mnf/2.0/SRPMS/ncpfs-2.2.6-0.3.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2010/0589
http://lists.mandriva.com/security-announce/2010-03/msg00025.php

Changelog 

2010-03-12 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 21%

  High Risk		 : 2%

  Moderate Risk		 : 51%

  Low Risk		 : 26%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy