Skip to navigation

Security Advisory ncpfs security update

Advisory: RHSA-2005:371-06
Type: Security Advisory
Severity: Moderate
Issued on: 2005-05-17
Last updated on: 2005-05-17
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0013

Details

An updated ncpfs package is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ncpfs is a file system that understands the Novell NetWare(TM) NCP
protocol.

A bug was found in the way ncpfs handled file permissions. ncpfs did not
sufficiently check if the file owner matched the user attempting to access
the file, potentially violating the file permissions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0013 to this issue.

All users of ncpfs are advised to upgrade to this updated package, which
contains backported fixes for this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/SRPMS/ncpfs-2.2.0.18-6.EL2.src.rpm
Missing file
    MD5: 97fc82b06243d3344766a6c83d7ce2cc
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/ipxutils/2.2.0.18-6.EL2/i386/ipxutils-2.2.0.18-6.EL2.i386.rpm
Missing file
    MD5: 8000785605e0093e0a51689a63fa56c9
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/i386/ncpfs-2.2.0.18-6.EL2.i386.rpm
Missing file
    MD5: d38e5b535f4fc5a14d456a13b22c0532
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/ipxutils/2.2.0.18-6.EL2/ia64/ipxutils-2.2.0.18-6.EL2.ia64.rpm
Missing file
    MD5: 1a46f4110cccbcebfc679f1371774c88
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/ia64/ncpfs-2.2.0.18-6.EL2.ia64.rpm
Missing file
    MD5: 4e5a20f0012d01b177762ed8c557105f
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/SRPMS/ncpfs-2.2.0.18-6.EL2.src.rpm
Missing file
    MD5: 97fc82b06243d3344766a6c83d7ce2cc
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/ipxutils/2.2.0.18-6.EL2/i386/ipxutils-2.2.0.18-6.EL2.i386.rpm
Missing file
    MD5: 8000785605e0093e0a51689a63fa56c9
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/i386/ncpfs-2.2.0.18-6.EL2.i386.rpm
Missing file
    MD5: d38e5b535f4fc5a14d456a13b22c0532
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/SRPMS/ncpfs-2.2.0.18-6.EL2.src.rpm
Missing file
    MD5: 97fc82b06243d3344766a6c83d7ce2cc
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/ipxutils/2.2.0.18-6.EL2/ia64/ipxutils-2.2.0.18-6.EL2.ia64.rpm
Missing file
    MD5: 1a46f4110cccbcebfc679f1371774c88
ftp://updates.redhat.com/rhn/repository/NULL/ncpfs/2.2.0.18-6.EL2/ia64/ncpfs-2.2.0.18-6.EL2.ia64.rpm
Missing file
    MD5: 4e5a20f0012d01b177762ed8c557105f
 

Bugs fixed (see bugzilla for more information)

144691 - CAN-2005-0013 Unauthorised file access in ncpfs 2.2.x


References


Keywords

ncpfs


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/