CVE-2005-0013
CVSS 7.2
Published: 2005-05-02 00:00:00
Last revised: 2008-09-10 15:34:45

[Original] nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.


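[CNNVD] NCPFS multiple remote vulnerabilities (CNNVD-200505-194)

        nwclient.c in ncpfs versions before 2.2.6 does not drop root privileges before executing utilities that use the NetWare client functions, which allows local users to gain privileges.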

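- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]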

- CPE (affected platforms and products)

cpe:/a:ncpfs:ncpfs:2.2.1
cpe:/a:ncpfs:ncpfs:2.2.4
cpe:/a:ncpfs:ncpfs:2.2.3
cpe:/a:ncpfs:ncpfs:2.2.2
cpe:/a:ncpfs:ncpfs:2.2.5

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0013
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0013
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-194
(Official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2005/dsa-665
(PATCH)  DEBIAN  DSA-665
http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200501-44
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
(UNKNOWN)  CONFIRM  ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
http://www.securityfocus.com/bid/12400
(UNKNOWN)  BID  12400
http://www.securityfocus.com/archive/1/archive/1/433927/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:152904
http://www.redhat.com/support/errata/RHSA-2005-371.html
(UNKNOWN)  REDHAT  RHSA-2005:371
http://www.osvdb.org/13297
(UNKNOWN)  OSVDB  13297
http://www.mandriva.com/security/advisories?name=MDKSA-2005:028
(UNKNOWN)  MANDRAKE  MDKSA-2005:028
http://securitytracker.com/id?1013019
(UNKNOWN)  SECTRACK  1013019

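- Vulnerability information

NCPFS multiple remote vulnerabilities
High risk; insufficient information
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote / Local
        nwclient.c in ncpfs versions before 2.2.6 does not drop root privileges before executing utilities that use the NetWare client functions, which allows local users to gain privileges.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch link: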
        http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_alpha.deb

- Vulnerability information (F35965)

Gentoo Linux Security Advisory 200501-44 (PacketStormID:F35965)
2005-02-01 00:00:00
Gentoo  security.gentoo.org
advisory,remote,arbitrary,local
linux,gentoo
CVE-2005-0014,CVE-2005-0013

Gentoo Linux Security Advisory GLSA 200501-44 - The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200501-44
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ncpfs: Multiple vulnerabilities
      Date: January 30, 2005
      Bugs: #77414
        ID: 200501-44

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The ncpfs utilities contain multiple flaws, potentially resulting in
the remote execution of arbitrary code or local file access with
elevated privileges.

Background
==========

ncpfs is a NCP protocol network filesystem driver that allows access to
NetWare services, to mount volumes of NetWare servers or print to
NetWare print queues.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-fs/ncpfs       < 2.2.6                               >= 2.2.6

Description
===========

Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013).

Impact
======

The buffer overflow might allow a malicious remote NetWare server to
execute arbitrary code on the NetWare client. Furthermore, a local
attacker may be able to create links and access files with elevated
privileges using SUID ncpfs utilities.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ncpfs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/ncpfs-2.2.6"

References
==========

  [ 1 ] CAN-2005-0013
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0013
  [ 2 ] CAN-2005-0014
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0014
  [ 3 ] ncpfs ChangeLog
        ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200501-44.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information

13297
ncpfs nwclient.c Based Utilities Arbitrary Privileged File Access
Local Access Required
Loss of Confidentiality Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2005-01-30 Unknown
2005-01-30 Unknown

- Solution

Upgrade to version 2.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
