First published: Sun Apr 10 2011(Updated: )
ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ncpfs | <=2.2.6 | |
ncpfs | =2.2.1 | |
ncpfs | =2.2.2 | |
ncpfs | =2.2.3 | |
ncpfs | =2.2.4 | |
ncpfs | =2.2.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-1680 is considered to have an unspecified impact and local attack vectors.
To mitigate CVE-2011-1680, update ncpfs to version 2.2.7 or later, where this vulnerability has been addressed.
CVE-2011-1680 affects ncpfs versions 2.2.6 and earlier.
A potential workaround for CVE-2011-1680 is to manually remove the /etc/mtab~ lock file after a failed mount attempt.
Systems running ncpfs versions up to 2.2.6 may be vulnerable to CVE-2011-1680.