Bugtraq mailing list archives

[linux-security] ncpmount/ncpumount

From: zarq () 1stnet com (Runar Jensen)
Date: Sun, 20 Oct 1996 18:25:56 -0500


I haven't had a chance to look at the source code yet, but it appears that
ncpmount and ncpumount suffer from exactly the same problem that mount and
umount did. In fact, the mount exploit that was so widely circulated works
with ncpumount with no modifications.

ncpmount/ncpumount are part of the ncpfs package, which allows Linux to
communicate with Netware servers. From the manpage:

    ncpfs is a linux filesystem which understands the NCP protocol.
    This is the protocol Novell NetWare clients use to talk to NetWare
    servers. ncpfs was inspired by lwared, a free NetWare emulator for
    Linux written by Ales Dryak. See ftp://klokan.sh.cvut.cz/pub/linux
    for this very intersting program.

I'm not sure what the latest version of this package is; the one I used to
verify this is v0.18.

[REW: The test squad reported that the latest version still has this
bug....]

.../ru

----------------------------------------------------------------------------
Runar Jensen         | Phone: (318) 289-0125 | E-mail:  zarq () 1stnet com
System Administrator | Fax:   (318) 235-1447 | E-pager: zarq () page 1stnet com
FirstNet of Acadiana | Pager: (318) 268-8556 |          [message in subject]
----------------------------------------------------------------------------

Current thread:

[linux-security] ncpmount/ncpumount Runar Jensen (Oct 20)
- <Possible follow-ups>
- Re: [linux-security] ncpmount/ncpumount Thomas Roessler (Oct 21)
  - Re: [linux-security] ncpmount/ncpumount Alan Cox (Oct 21)