• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NCPFS Local Buffer Overflow Vulnerability

Bugtraq ID:	11945
Class:	Boundary Condition Error
CVE:	CVE-2004-1079
Remote:	No
Local:	Yes
Published:	Nov 29 2004 12:00AM
Updated:	Nov 30 2006 04:59AM
Credit:	Karol Wiêsek <appelast@drumnbass.art.pl> is credited with the discovery of this issue.
Vulnerable:	RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 ncpfs ncpfs 2.2.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux ncpfs ncpfs 2.2.4 + Conectiva Linux 10.0 + Conectiva Linux 9.0 + Conectiva Linux 8.0 + Conectiva Linux Enterprise Edition 1.0 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux 8.0 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Desktop 1.0 + S.u.S.E. Linux Enterprise Server 9 + S.u.S.E. Linux Enterprise Server 8 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 ncpfs ncpfs 2.2.3 ncpfs ncpfs 2.2.2 ncpfs ncpfs 2.2.1 ncpfs ncpfs 2.2 .18 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0
Not Vulnerable:	ncpfs ncpfs 2.2.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux