When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
Link | Resource |
---|---|
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2019-04-22 16:29
Updated : 2024-02-28 17:08
NVD link : CVE-2011-3145
Mitre link : CVE-2011-3145
CVE.ORG link : CVE-2011-3145
JSON object : View
Products Affected
mount.ecrpytfs_private_project
- mount.ecrpytfs_private
CWE
CWE-254
7PK - Security Features