Lucene search

[email protected]CVE-2010-0788

HistoryMar 02, 2010 - 6:30 p.m.

CVE-2010-0788

2010-03-0218:30:01

CWE-59

[email protected]

web.nvd.nist.gov

cve-2010-0788

ncpfs

symlink attacks

denial of service

sensitive information

privilege escalation

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

Affected configurations

NVD

Node

ncpfsncpfsMatch2.2.6

CPENameOperatorVersion
ncpfs:ncpfsncpfseq2.2.6

CPE	Name	Operator	Version
ncpfs:ncpfs	ncpfs	eq	2.2.6

References

lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html

lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html

lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

seclists.org/fulldisclosure/2010/Mar/122

secunia.com/advisories/38327

secunia.com/advisories/38371

www.securityfocus.com/archive/1/509893/100/0/threaded

www.securityfocus.com/archive/1/509894/100/0/threaded

www.securityfocus.com/bid/38563

bugzilla.redhat.com/show_bug.cgi?id=532940

bugzilla.redhat.com/show_bug.cgi?id=558833

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for CVE-2010-0788

nessus8 prion1 openvas4 ubuntucve1 cvelist1 nvd2 securityvulns2 cve1