Message-ID: <E1CwCAt-0008La-I5@updates.mandrakesoft.com>
Date: Tue, 01 Feb 2005 21:31:31 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           ncpfs
 Advisory ID:            MDKSA-2005:028
 Date:                   February 1st, 2005

 Affected versions:	 10.0, 10.1, Corporate Server 2.1,
			 Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 Erik Sjolund discovered two vulnerabilities in programs bundled with
 ncpfs.  Due to a flaw in nwclient.c, utilities that use the NetWare
 client functions insecurely access files with elevated privileges
 (CAN-2005-0013), and there is a potentially exploitable buffer overflow
 in the ncplogin program (CAN-2005-0014).
 
 As well, an older vulnerability found by Karol Wiesek is corrected with
 these new versions of ncpfs.  Karol found a buffer overflow in the
 handling of the '-T' option in the ncplogin and ncpmap utilities
 (CAN-2004-1079).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1079
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0013
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0014
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 26507b12e312d06ad7a0250fd29c2fc9  10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.i586.rpm
 31054e1560e02396af427feb8d0bb9e0  10.0/RPMS/libncpfs2.3-2.2.6-0.1.100mdk.i586.rpm
 ae8ea25eebe37782e4315da2ea4ac469  10.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.100mdk.i586.rpm
 b3988245505c1bf1bf4f5da5c502f22a  10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.i586.rpm
 d841a4aac6f48ef283dbe84f7385b2cb  10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9097da50d267751a64f5a9533f84f385  amd64/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.amd64.rpm
 acec5bc11c51a724002860e7e2c9b741  amd64/10.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.100mdk.amd64.rpm
 dc21cc53b30d974ce146da962edde2b2  amd64/10.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.100mdk.amd64.rpm
 af24f5eca27924522f8c84ae0f39dc45  amd64/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.amd64.rpm
 d841a4aac6f48ef283dbe84f7385b2cb  amd64/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 9a6f8acfb1290af92171a23696cc7398  10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.i586.rpm
 ad4eba0c498de9884c1e7f3bb8f14452  10.1/RPMS/libncpfs2.3-2.2.6-0.1.101mdk.i586.rpm
 a7ad4a7f0ce4cb2723dc5d48d0ddcc21  10.1/RPMS/libncpfs2.3-devel-2.2.6-0.1.101mdk.i586.rpm
 d283bbbac0839f1866909efc4ffdb62d  10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.i586.rpm
 887f5d5c3f2d19f7c2cd64e74a80391e  10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 3eeb4ea7fe45ec1f58d4ae5b523627fe  x86_64/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.x86_64.rpm
 c3758043e2bd3ddc24f5c3e34be2cc93  x86_64/10.1/RPMS/lib64ncpfs2.3-2.2.6-0.1.101mdk.x86_64.rpm
 11539d55f026d1ef9907e27ffd8d4cc2  x86_64/10.1/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.101mdk.x86_64.rpm
 a10864210cf07d875b770b3f34caa47d  x86_64/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.x86_64.rpm
 887f5d5c3f2d19f7c2cd64e74a80391e  x86_64/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm

 Corporate Server 2.1:
 8fe930fd368a97b4f20ae4bca84a9761  corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.i586.rpm
 fc4d61b54dd07f64aa613bdf7a4016a0  corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.i586.rpm
 0f6237f2270b31c7e1bcb38b01ba5017  corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 8853eb122b8794c8a9a6e8f304deab7b  x86_64/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.x86_64.rpm
 301cd5bb7f068467f4e35752c7f6dc0a  x86_64/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.x86_64.rpm
 0f6237f2270b31c7e1bcb38b01ba5017  x86_64/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm

 Corporate Server 3.0:
 a59c9cf6fa986df07406af63d204c01d  corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.i586.rpm
 4cca91d9bffdb6989edc498fa5545542  corporate/3.0/RPMS/libncpfs2.3-2.2.6-0.1.C30mdk.i586.rpm
 01221b951c46c7c989c67edddaf988c2  corporate/3.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.C30mdk.i586.rpm
 eb433fe9482cbb74634169330e51720c  corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.i586.rpm
 3fe66a2f8e1fa32dea3cdf95557c6b41  corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm

 Corporate Server 3.0/x86_64:
 5ef7e7e41733515a9cf2dcdbb7da2077  x86_64/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.x86_64.rpm
 5e43e4f0528b48d44fdcecd8daa41301  x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.C30mdk.x86_64.rpm
 ab83b39e1df11230e86973816092f4ab  x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.C30mdk.x86_64.rpm
 2e29f744a8757ff7801c03b73ee8ace6  x86_64/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.x86_64.rpm
 3fe66a2f8e1fa32dea3cdf95557c6b41  x86_64/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCAFejmqjQ0CJFipgRAm1/AJ4ig5l+GCsCbJFZ9xnQX/2S8MEMbgCfcmLi
RdaWXMAgpI1QqC+I4NTcKnE=
=kAGY
-----END PGP SIGNATURE-----

