From: Mandrakelinux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities
Message-Id: <E1CwCAt-0008La-I5@updates.mandrakesoft.com.>
Date: Tue, 01 Feb 2005 21:31:31 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ncpfs
Advisory ID: MDKSA-2005:028
Date: February 1st, 2005
Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________
Problem Description:

Erik Sjolund discovered two vulnerabilities in programs bundled with
ncpfs. Due to a flaw in nwclient.c, utilities that use the NetWare
client functions insecurely access files with elevated privileges
(CAN-2005-0013), and there is a potentially exploitable buffer overflow
in the ncplogin program (CAN-2005-0014).

As well, an older vulnerability found by Karol Wiesek is corrected with
these new versions of ncpfs. Karol found a buffer overflow in the
handling of the '-T' option in the ncplogin and ncpmap utilities
(CAN-2004-1079).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0014
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
26507b12e312d06ad7a0250fd29c2fc9 10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.i586.rpm
31054e1560e02396af427feb8d0bb9e0 10.0/RPMS/libncpfs2.3-2.2.6-0.1.100mdk.i586.rpm
ae8ea25eebe37782e4315da2ea4ac469 10.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.100mdk.i586.rpm
b3988245505c1bf1bf4f5da5c502f22a 10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.i586.rpm
d841a4aac6f48ef283dbe84f7385b2cb 10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
9097da50d267751a64f5a9533f84f385 amd64/10.0/RPMS/ipxutils-2.2.6-0.1.100mdk.amd64.rpm
acec5bc11c51a724002860e7e2c9b741 amd64/10.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.100mdk.amd64.rpm
dc21cc53b30d974ce146da962edde2b2 amd64/10.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.100mdk.amd64.rpm
af24f5eca27924522f8c84ae0f39dc45 amd64/10.0/RPMS/ncpfs-2.2.6-0.1.100mdk.amd64.rpm
d841a4aac6f48ef283dbe84f7385b2cb amd64/10.0/SRPMS/ncpfs-2.2.6-0.1.100mdk.src.rpm
Mandrakelinux 10.1:
9a6f8acfb1290af92171a23696cc7398 10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.i586.rpm
ad4eba0c498de9884c1e7f3bb8f14452 10.1/RPMS/libncpfs2.3-2.2.6-0.1.101mdk.i586.rpm
a7ad4a7f0ce4cb2723dc5d48d0ddcc21 10.1/RPMS/libncpfs2.3-devel-2.2.6-0.1.101mdk.i586.rpm
d283bbbac0839f1866909efc4ffdb62d 10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.i586.rpm
887f5d5c3f2d19f7c2cd64e74a80391e 10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
3eeb4ea7fe45ec1f58d4ae5b523627fe x86_64/10.1/RPMS/ipxutils-2.2.6-0.1.101mdk.x86_64.rpm
c3758043e2bd3ddc24f5c3e34be2cc93 x86_64/10.1/RPMS/lib64ncpfs2.3-2.2.6-0.1.101mdk.x86_64.rpm
11539d55f026d1ef9907e27ffd8d4cc2 x86_64/10.1/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.101mdk.x86_64.rpm
a10864210cf07d875b770b3f34caa47d x86_64/10.1/RPMS/ncpfs-2.2.6-0.1.101mdk.x86_64.rpm
887f5d5c3f2d19f7c2cd64e74a80391e x86_64/10.1/SRPMS/ncpfs-2.2.6-0.1.101mdk.src.rpm
Corporate Server 2.1:
8fe930fd368a97b4f20ae4bca84a9761 corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.i586.rpm
fc4d61b54dd07f64aa613bdf7a4016a0 corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.i586.rpm
0f6237f2270b31c7e1bcb38b01ba5017 corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
8853eb122b8794c8a9a6e8f304deab7b x86_64/corporate/2.1/RPMS/ipxutils-2.2.6-0.1.C21mdk.x86_64.rpm
301cd5bb7f068467f4e35752c7f6dc0a x86_64/corporate/2.1/RPMS/ncpfs-2.2.6-0.1.C21mdk.x86_64.rpm
0f6237f2270b31c7e1bcb38b01ba5017 x86_64/corporate/2.1/SRPMS/ncpfs-2.2.6-0.1.C21mdk.src.rpm
Corporate Server 3.0:
a59c9cf6fa986df07406af63d204c01d corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.i586.rpm
4cca91d9bffdb6989edc498fa5545542 corporate/3.0/RPMS/libncpfs2.3-2.2.6-0.1.C30mdk.i586.rpm
01221b951c46c7c989c67edddaf988c2 corporate/3.0/RPMS/libncpfs2.3-devel-2.2.6-0.1.C30mdk.i586.rpm
eb433fe9482cbb74634169330e51720c corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.i586.rpm
3fe66a2f8e1fa32dea3cdf95557c6b41 corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm
Corporate Server 3.0/x86_64:
5ef7e7e41733515a9cf2dcdbb7da2077 x86_64/corporate/3.0/RPMS/ipxutils-2.2.6-0.1.C30mdk.x86_64.rpm
5e43e4f0528b48d44fdcecd8daa41301 x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-2.2.6-0.1.C30mdk.x86_64.rpm
ab83b39e1df11230e86973816092f4ab x86_64/corporate/3.0/RPMS/lib64ncpfs2.3-devel-2.2.6-0.1.C30mdk.x86_64.rpm
2e29f744a8757ff7801c03b73ee8ace6 x86_64/corporate/3.0/RPMS/ncpfs-2.2.6-0.1.C30mdk.x86_64.rpm
3fe66a2f8e1fa32dea3cdf95557c6b41 x86_64/corporate/3.0/SRPMS/ncpfs-2.2.6-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCAFejmqjQ0CJFipgRAm1/AJ4ig5l+GCsCbJFZ9xnQX/2S8MEMbgCfcmLi
RdaWXMAgpI1QqC+I4NTcKnE=
=kAGY
-----END PGP SIGNATURE-----
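
Added example (not part of the original advisory or of Mandrakesoft's tooling): a checker for manually downloaded packages that parses an "Updated Packages" list in the layout used above and compares each local .rpm against its listed MD5. The package names and digests in SAMPLE are constructed, and the function names are hypothetical. A match only shows the file is the one the list names; trust in the list itself rests on the advisory's PGP signature and the package's own GPG signature.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the advisory's layout: hypothetical package names,
# digests are the MD5 of b"", b"abc" and b"a" (not values from the advisory).
SAMPLE = """Updated Packages:
Mandrakelinux 10.0:
d41d8cd98f00b204e9800998ecf8427e 10.0/RPMS/example-1.0-1mdk.i586.rpm
900150983cd24fb0d6963f7d28e17f72 10.0/SRPMS/example-1.0-1mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0cc175b9c0f1b6a831c399e269772661 amd64/10.0/RPMS/example-1.0-1mdk.amd64.rpm
900150983cd24fb0d6963f7d28e17f72 amd64/10.0/SRPMS/example-1.0-1mdk.src.rpm
_______________________________________________________________________
"""
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_package_list(advisory_text):
    """Map rpm file name -> {'md5': hex digest, 'releases': [section headings]}."""
    packages, release, in_section = {}, None, False
    for line in map(str.strip, advisory_text.splitlines()):
        if line == "Updated Packages:":
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("____"):       # rule line closes the section
            break
        elif (m := ENTRY.match(line)):
            name = m.group(2).rsplit("/", 1)[-1]
            entry = packages.setdefault(name, {"md5": m.group(1), "releases": []})
            if entry["md5"] != m.group(1):   # same file listed with two digests
                raise ValueError(f"conflicting digests for {name}")
            entry["releases"].append(release)
        elif line.endswith(":"):            # release heading, e.g. "Corporate Server 3.0:"
            release = line[:-1]
    return packages

def md5_of(path):
    """Stream the file so large packages are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def check_downloads(advisory_text, directory):
    """Classify each *.rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    listed = parse_package_list(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        entry = listed.get(rpm.name)
        if entry is None:
            report[rpm.name] = "unlisted"
        else:
            report[rpm.name] = "ok" if md5_of(rpm) == entry["md5"] else "mismatch"
    return report
```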