LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

ncpfs: privilege escalation

Package(s):ncpfs CVE #(s):CVE-2009-3297
Created:January 28, 2010 Updated:March 1, 2011
Description:

From the Red Hat bugzilla entry:

Ronald Volgers found a race condition in the samba-client's mount.cifs utility. Local, unprivileged user could use this flaw to conduct symlink attacks, leading to disclosure of sensitive information, or, possibly to privilege escalation.

Alerts:
Ubuntu USN-1077-1 2011-02-28
SuSE SUSE-SR:2010:011 2010-05-10
Fedora FEDORA-2010-3999 2010-03-10
Fedora FEDORA-2010-4050 2010-03-10
Debian DSA-1989-1 2010-02-02
Fedora FEDORA-2010-1218 2010-01-29
Fedora FEDORA-2010-1190 2010-01-29
Ubuntu USN-892-1 2010-01-28
Ubuntu USN-893-1 2010-01-28
Fedora FEDORA-2010-1145 2010-01-28
Fedora FEDORA-2010-1168 2010-01-28
Pardus 2010-27 2010-02-02
Pardus 2010-23 2010-02-02
Debian DSA-2004-1 2010-02-28
Mandriva MDVSA-2010:047 2010-02-23
Mandriva MDVSA-2010:046 2010-02-23
SuSE SUSE-SR:2010:004 2010-02-16
Fedora FEDORA-2010-1159 2010-01-28
Fedora FEDORA-2010-1140 2010-01-28
SuSE SUSE-SR:2010:003 2010-02-09
(Log in to post comments)

ncpfs: privilege escalation

Posted Feb 4, 2010 22:04 UTC (Thu) by buchanmilne (guest, #42315) [Link]

This article seems to contain a mix of ncpfs, samba and fuse
vulnerabilities, from the discrepency between title/package vs description,
to the alerts.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds