[1251] in linux-security and linux-alert archive
[linux-security] ncpmount/ncpumount
daemon@ATHENA.MIT.EDU (Runar Jensen)
Sun Oct 20 07:34:09 1996
From: Runar Jensen <zarq@1stnet.com>
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 13 Oct 1996 19:07:32 -0500
I haven't had a chance to look at the source code yet, but it appears that
ncpmount and ncpumount suffer from exactly the same problem that mount and
umount did. In fact, the mount exploit that was so widely circulated works
with ncpumount with no modifications.
ncpmount/ncpumount are part of the ncpfs package, which allows Linux to
communicate with Netware servers. From the manpage:
ncpfs is a linux filesystem which understands the NCP protocol.
This is the protocol Novell NetWare clients use to talk to NetWare
servers. ncpfs was inspired by lwared, a free NetWare emulator for
Linux written by Ales Dryak. See ftp://klokan.sh.cvut.cz/pub/linux
for this very intersting program.
I'm not sure what the latest version of this package is; the one I used to
verify this is v0.18.
[REW: The test squad reported that the latest version still has this
bug....]
.../ru
----------------------------------------------------------------------------
Runar Jensen | Phone: (318) 289-0125 | E-mail: zarq@1stnet.com
System Administrator | Fax: (318) 235-1447 | E-pager: zarq@page.1stnet.com
FirstNet of Acadiana | Pager: (318) 268-8556 | [message in subject]
----------------------------------------------------------------------------