NCPFS Multiple Remote Vulnerabilities

Multiple remote vulnerabilities affect ncpfs. The utility fails to manage access privileges securely and to validate the length of user-supplied strings before copying them into finite process buffers.

The first issue is a remote buffer-overflow vulnerability. The second issue is an access-validation issue due to the setuid privileges of ncpfs utilities.

An attacker may leverage these issues to execute arbitrary code with the privileges of the affected application and to access arbitrary files with the escalated privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus