[3516] in bugtraq
[linux-security] ncpmount/ncpumount
daemon@ATHENA.MIT.EDU (Runar Jensen)
Sun Oct 20 22:09:37 1996
Date: Sun, 20 Oct 1996 18:25:56 -0500
Reply-To: Runar Jensen <zarq@1stnet.com>
From: Runar Jensen <zarq@1stnet.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I haven't had a chance to look at the source code yet, but it appears that
ncpmount and ncpumount suffer from exactly the same problem that mount and
umount did. In fact, the mount exploit that was so widely circulated works
with ncpumount with no modifications.
ncpmount/ncpumount are part of the ncpfs package, which allows Linux to
communicate with Netware servers. From the manpage:
ncpfs is a linux filesystem which understands the NCP protocol.
This is the protocol Novell NetWare clients use to talk to NetWare
servers. ncpfs was inspired by lwared, a free NetWare emulator for
Linux written by Ales Dryak. See ftp://klokan.sh.cvut.cz/pub/linux
for this very intersting program.
I'm not sure what the latest version of this package is; the one I used to
verify this is v0.18.
[REW: The test squad reported that the latest version still has this
bug....]
.../ru
----------------------------------------------------------------------------
Runar Jensen | Phone: (318) 289-0125 | E-mail: zarq@1stnet.com
System Administrator | Fax: (318) 235-1447 | E-pager: zarq@page.1stnet.com
FirstNet of Acadiana | Pager: (318) 268-8556 | [message in subject]
----------------------------------------------------------------------------
