Secunia Logo  


Secunia PSI WorldMap
 
ncpfs NWDSCreateContextHandleMnt Buffer Overflow Vulnerability
Secunia Advisory: SA13292
Release Date: 2004-11-30
Last Update: 2004-12-07
Popularity: 7,800 views

Critical:
Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch

Software:ncpfs 2.x

Secunia CVSS-2 Score: Available in Secunia business solutions

Subscribe: Instant alerts on relevant vulnerabilities


Advisory Content (Page 1 of 3)[ 1 ] [ 2 ] [ 3 ]

Description:
Karol Wiesek has reported a potential vulnerability in ncpfs, which can be exploited by malicious, local users.

The problem is caused due to a boundary error within the "NWDSCreateContextHandleMnt()" function when handling tree names. This can be exploited via ncpmap or ncplogin (both utilities installed setuid "root" on some Linux distributions) to cause a buffer overflow by passing an overly long argument (about 330 bytes) as a tree name to the "-T" command line option.

Successful exploitation causes an access violation. The issue is currently not believed to be exploitable for code execution, but this cannot be ruled out completely.

The issue has been reported in version 2.2.4. Other versions may also be affected.

Change Page:
[ 1 ] [ 2 ] [ 3 ]



Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 6
New vulnerabilities: 23
Updated advisories: 66

Not // 110 views
Debian update for pidgin
Less // 115 views
Debian update for linux-2.6
Less // 106 views
Debian update for drupal6
Highly // 120 views
Debian update for nspr

6th Nov, 2009
New advisories: 17
New vulnerabilities: 65
Updated advisories: 21

Less // 409 views
Debian update for linux-2.6.24
Less // 398 views
Debian update for linux-2.6
Moderately // 359 views
Gentoo update for horde

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 104 views
2. Linux Kernel 2.4 Multiple Vulnerabilities // 74 views
3. Google Chrome Two Vulnerabilities // 59 views
4. Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability // 52 views
5. Adobe Flash Player Multiple Vulnerabilities // 50 views
6. Mozilla Firefox Multiple Vulnerabilities // 46 views
7. Sun Solaris mod_perl Two Vulnerabilities // 40 views
8. Adobe Reader/Acrobat Multiple Vulnerabilities // 37 views
9. OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability // 35 views
10. Debian update for pidgin // 29 views