Описание
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
3.8 Low
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreui ...
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
ELSA-2011-1241: ecryptfs-utils security update (MODERATE)
EPSS
3.8 Low
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2