6.3 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
23.6%
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
CPE | Name | Operator | Version |
---|---|---|---|
ncpfs:ncpfs | ncpfs | eq | 2.2.2 |
ncpfs:ncpfs | ncpfs | eq | 2.2.4 |
ncpfs:ncpfs | ncpfs | eq | 2.2.5 |
ncpfs:ncpfs | ncpfs | eq | 2.2.1 |
ncpfs:ncpfs | ncpfs | eq | 2.2.3 |
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
securitytracker.com/id?1013019
www.debian.org/security/2005/dsa-665
www.gentoo.org/security/en/glsa/glsa-200501-44.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:028
www.osvdb.org/13297
www.redhat.com/support/errata/RHSA-2005-371.html
www.securityfocus.com/archive/1/433927/100/0/threaded
www.securityfocus.com/bid/12400