Описание
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 91-0ubuntu1 |
| hardy | not-affected | code not present |
| lucid | released | 83-0ubuntu3.2.10.04.2 |
| maverick | released | 83-0ubuntu3.2.10.10.2 |
| natty | released | 87-0ubuntu1.2 |
| upstream | needs-triage |
Показывать по
EPSS
7.5 High
CVSS2
3.8 Low
CVSS3
Связанные уязвимости
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreui ...
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
ELSA-2011-1241: ecryptfs-utils security update (MODERATE)
EPSS
7.5 High
CVSS2
3.8 Low
CVSS3