Bug 572551 (CVE-2010-0790, CVE-2010-0791)

Summary: CVE-2010-0790 CVE-2010-0791 ncpfs: Information disclosure and denial of service
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: vcrhonek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://seclists.org/fulldisclosure/2010/Mar/122
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 09:11:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 572554    
Bug Blocks:    

Description Jan Lieskovsky 2010-03-11 14:24:27 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0790 to
the following vulnerability:

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain
detailed error messages about the results of privileged file-access
attempts, which allows local users to determine the existence of
arbitrary files via the mountpoint name.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0790
  [2] http://www.securityfocus.com/archive/1/archive/1/509894/100/0/threaded
  [3] http://www.securityfocus.com/archive/1/archive/1/509893/100/0/threaded
  [4] http://seclists.org/fulldisclosure/2010/Mar/122
  [5] http://www.securityfocus.com/bid/38563

--

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0791 to
the following vulnerability:

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs
2.2.6 do not properly create lock files, which allows local users to
cause a denial of service (application failure) via unspecified
vectors that trigger the creation of a /etc/mtab~ file that persists
after the program exits.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0791
  [2] http://www.securityfocus.com/archive/1/archive/1/509894/100/0/threaded
  [3] http://www.securityfocus.com/archive/1/archive/1/509893/100/0/threaded
  [4] http://seclists.org/fulldisclosure/2010/Mar/122
  [5] http://www.securityfocus.com/bid/38563

--

Patch from Dan Rosenberg to address both issues (once ncpfs
was patched against CVE-2010-0788 -- CVE-2009-3297):
  [1] http://seclists.org/fulldisclosure/2010/Mar/att-122/ncpfs-2_2_6_partial.patch
Comment 1 Jan Lieskovsky 2010-03-11 14:25:50 UTC 
These issues affect the versions of the ncpfs package, 
as shipped with Fedora release of 11 and 12.

Please fix.