Search criteria
3 vulnerabilities found for mount.ecrpytfs_private by mount.ecrpytfs_private_project
FKIE_CVE-2011-3145
Vulnerability from fkie_nvd - Published: 2019-04-22 16:29 - Updated: 2024-11-21 01:29
Severity ?
3.8 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mount.ecrpytfs_private_project | mount.ecrpytfs_private | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A969F2F0-A651-41FE-AEC5-B223DF5DEA48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
},
{
"lang": "es",
"value": "Cuando Mount. ecrpytfs_private anterior a la versi\u00f3n 87-0ubuntu 1.2 llamadas setreuid () tampoco establece el ID de grupo efectivo. Por lo tanto, cuando se crea la nueva versi\u00f3n, mtab. tmp, se crea con el identificador de grupo del usuario que ejecuta Mount. ecryptfs_private."
}
],
"id": "CVE-2011-3145",
"lastModified": "2024-11-21T01:29:50.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T16:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-3145 (GCVE-0-2011-3145)
Vulnerability from cvelistv5 – Published: 2019-04-22 15:35 – Updated: 2024-09-16 22:51
VLAI?
Title
mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group
Summary
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Severity ?
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
John L. Templer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John L. Templer"
}
],
"datePublic": "2011-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:35:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
},
"title": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-08-23T00:00:00.000Z",
"ID": "CVE-2011-3145",
"STATE": "PUBLIC",
"TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "John L. Templer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3145",
"datePublished": "2019-04-22T15:35:58.852756Z",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-09-16T22:51:14.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3145 (GCVE-0-2011-3145)
Vulnerability from nvd – Published: 2019-04-22 15:35 – Updated: 2024-09-16 22:51
VLAI?
Title
mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group
Summary
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Severity ?
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
John L. Templer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John L. Templer"
}
],
"datePublic": "2011-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:35:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
},
"title": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-08-23T00:00:00.000Z",
"ID": "CVE-2011-3145",
"STATE": "PUBLIC",
"TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "John L. Templer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3145",
"datePublished": "2019-04-22T15:35:58.852756Z",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-09-16T22:51:14.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}