CVE: CAN-2004-0010
Updated: Tue, 06 Jul 2004 14:16:25 +0900
Summary: Arjan van de Ven discovered a stack-based buffer overflow in the
         ncp_lookup function for ncpfs in the Linux kernel, which could lead an
         attacker to gain unauthorised privileges. Petr Vandrovec developed a
         correction for this. (text:DSA-479-1)
Priority: High
Status: Closed
Source: DSA-479, RHSA-2004:188-14, FEDORA-2004-079, FEDORA-2004-080, 
Link:  http://www.ultramonkey.org/news_archive.shtml#2004042200
       http://www.ultramonkey.org/news_archive.shtml#2004041600
Resolved In:
  Kernel: 2.4.25-pre7
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1276.3.9??index.html
  Red Hat Linux 7.3:
          Vendor:      None
          UltraMonkey: kernel-2.4.20-28.7.3.um.3
  Red Hat Linux 8.0:
          Vendor:      None
          UltraMonkey: kernel-2.4.20-28.8.um.3
  Red Hat Linux 9:
          Vendor:      kernel-2.4.20-30.9
          UltraMonkey: kernel-2.4.20-30.9.um.2.i386
  Fedora Core 1:
          Vendor:      kernel-2.4.22-1.2173.nptl, 2.4.22-1.2174.nptl 
          UltraMonkey: kernel-2.4.22-1.2179.nptl.um.1
  Red Hat Enterprise Linux 3:
          Vendor:      kernel-2.4.21-15.EL
          UltraMonkey: kernel-2.4.21-9.0.1.EL.um.2
  Debian Woody:
          Vendor:      kernel-source-2.4.18_2.4.18_2.4.18-14.3
          UltraMonkey: kernel-source-2.4.22-1-ipvs_2.4.22-7woody.um.2
  Debian Sid:
          Vendor:      kernel-source-2.4.25_2.4.25-1
          UltraMonkey: kernel-source-2.4.22-1-ipvs_2.4.22-7.um.2