CVE-2010-0788

ncpfs <2.2.6 - DoS/Info Disclosure

Title source: llm

Description

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by super · bashlocallinux

https://www.exploit-db.com/exploits/779

View Code ZIP pw:eip

References (12)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

[Mailing List] http://seclists.org/fulldisclosure/2010/Mar/122

[Vendor Advisory] http://secunia.com/advisories/38327

[Vendor Advisory] http://secunia.com/advisories/38371

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=532940

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=558833

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/509893/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/509894/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38563

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html

Scores

EPSS 0.0021

EPSS Percentile 43.1%

Details

CWE

CWE-59

Status published

Products (1)

ncpfs/ncpfs 2.2.6

Published Mar 02, 2010

Tracked Since Feb 18, 2026