CVE-2010-0788

Description

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

References

Link	Tags
http://secunia.com/advisories/38371	third party advisory vendor advisory
http://seclists.org/fulldisclosure/2010/Mar/122	mailing list
https://bugzilla.redhat.com/show_bug.cgi?id=558833
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html	vendor advisory
http://secunia.com/advisories/38327	third party advisory vendor advisory
http://www.securityfocus.com/archive/1/509893/100/0/threaded	mailing list
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=532940
http://www.securityfocus.com/bid/38563	vdb entry
http://www.securityfocus.com/archive/1/509894/100/0/threaded	mailing list

Frequently Asked Questions

What is the severity of CVE-2010-0788?: CVE-2010-0788 has been scored as a medium severity vulnerability.
How to fix CVE-2010-0788?: To fix CVE-2010-0788, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2010-0788 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2010-0788 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-59 – Improper Link Resolution Before File Access ('Link Following')

References

Frequently Asked Questions