Bug 22835 - CVE-2009-3297: ncpmount/ncpumount privilege escalation
Summary: CVE-2009-3297: ncpmount/ncpumount privilege escalation
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: ncpfs (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Nobody's working on this, feel free to take it
QA Contact: qa-sisyphus
URL: https://bugzilla.redhat.com/show_bug....
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-01-27 00:45 MSK by Dmitry V. Levin
Modified: 2011-03-09 07:59 MSK (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry V. Levin 2010-01-27 00:45:31 MSK 
Daniel Rosenberg found race conditions in the ncpfs ncpmount and ncpumount utilities.  Local, unprivileged user could use these flaws to conduct symlink attacks, leading to denial of service (ncpumount), disclosure of sensitive information, or, possibly to privilege escalation (ncpmount).
Comment 1 Slava Semushin 2011-03-09 07:59:07 MSK 
* Wed Mar 09 2011 Dmitry V. Levin <ldv@altlinux> 2.2.6-alt9
- Imported fix of race conditions in ncpmount/ncpumount operations
 from Fedora (fixes CVE-2009-3297).