Rapid7 Vulnerability & Exploit Database

RHSA-2005:371: ncpfs security update

Back to Search

RHSA-2005:371: ncpfs security update

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
05/02/2005
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

An updated ncpfs package is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ncpfs is a file system that understands the Novell NetWare(TM) NCP protocol. A bug was found in the way ncpfs handled file permissions. ncpfs did not sufficiently check if the file owner matched the user attempting to access the file, potentially violating the file permissions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0013 to this issue. All users of ncpfs are advised to upgrade to this updated package, which contains backported fixes for this issue.

Solution(s)

  • redhat-upgrade-ipxutils
  • redhat-upgrade-ncpfs

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;