CVE-2010-0788 : ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges v

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

Published 2010-03-02 18:30:01

Updated 2018-10-10 19:53:37

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-0788

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0788

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0788

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0788

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:012

CVEs referencing this url
http://www.securityfocus.com/bid/38563

ncpfs Multiple Local Vulnerabilities

CVEs referencing this url
http://www.securityfocus.com/archive/1/509894/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.securityfocus.com/archive/1/509893/100/0/threaded

SecurityFocus

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html

[SECURITY] Fedora 12 Update: ncpfs-2.2.6-13.fc12
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html

[SECURITY] Fedora 11 Update: ncpfs-2.2.6-12.fc11
https://bugzilla.redhat.com/show_bug.cgi?id=558833

558833 – CVE-2009-3297 samba, fuse, ncpfs: Race condition by mount (mount.cifs, ncpmount) / umount (fusermount, ncpumount) operations [Fedora all]

CVEs referencing this url
http://seclists.org/fulldisclosure/2010/Mar/122

Full Disclosure: ncpfs, Multiple Vulnerabilities

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=532940

532940 – (CVE-2010-0788) CVE-2010-0788 ncpfs: Race condition by mount (ncpmount) / umount (ncpumount) operations

CVEs referencing this url

Products affected by CVE-2010-0788

Ncpfs » Ncpfs » Version: 2.2.6
cpe:2.3:a:ncpfs:ncpfs:2.2.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-0788

Exploit prediction scoring system (EPSS) score for CVE-2010-0788

CVSS scores for CVE-2010-0788

CWE ids for CVE-2010-0788

References for CVE-2010-0788

Products affected by CVE-2010-0788