CVE-2011-3145

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:29

Type Values Removed Values Added
References () http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 - Patch, Third Party Advisory () http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 - Patch, Third Party Advisory
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 3.8

Information

Published : 2019-04-22 16:29

Updated : 2024-11-21 01:29


NVD link : CVE-2011-3145

Mitre link : CVE-2011-3145

CVE.ORG link : CVE-2011-3145


JSON object : View

Products Affected

mount.ecrpytfs_private_project

  • mount.ecrpytfs_private
CWE
CWE-254

7PK - Security Features