ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.