7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
24.5%
CentOS Errata and Security Advisory CESA-2005:371-01
Ncpfs is a file system that understands the Novell NetWare™ NCP
protocol.
A bug was found in the way ncpfs handled file permissions. ncpfs did not
sufficiently check if the file owner matched the user attempting to access
the file, potentially violating the file permissions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0013 to this issue.
All users of ncpfs are advised to upgrade to this updated package, which
contains backported fixes for this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-May/073830.html
Affected packages:
ipxutils
ncpfs
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | ipxutils | < 2.2.0.18-6.EL2 | ipxutils-2.2.0.18-6.EL2.i386.rpm |
CentOS | 2 | i386 | ncpfs | < 2.2.0.18-6.EL2 | ncpfs-2.2.0.18-6.EL2.i386.rpm |