Vulnerabilites related to mount.ecrpytfs_private_project - mount.ecrpytfs_private
Vulnerability from fkie_nvd
Published
2019-04-22 16:29
Modified
2024-11-21 01:29
Severity ?
3.8 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mount.ecrpytfs_private_project | mount.ecrpytfs_private | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A969F2F0-A651-41FE-AEC5-B223DF5DEA48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
},
{
"lang": "es",
"value": "Cuando Mount. ecrpytfs_private anterior a la versi\u00f3n 87-0ubuntu 1.2 llamadas setreuid () tampoco establece el ID de grupo efectivo. Por lo tanto, cuando se crea la nueva versi\u00f3n, mtab. tmp, se crea con el identificador de grupo del usuario que ejecuta Mount. ecryptfs_private."
}
],
"id": "CVE-2011-3145",
"lastModified": "2024-11-21T01:29:50.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T16:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-3145 (GCVE-0-2011-3145)
Vulnerability from cvelistv5
Published
2019-04-22 15:35
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John L. Templer"
}
],
"datePublic": "2011-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:35:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
},
"title": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-08-23T00:00:00.000Z",
"ID": "CVE-2011-3145",
"STATE": "PUBLIC",
"TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user\u0027s primary group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "John L. Templer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn\u0027t also set the effective group id. So when it creates the new version, mtab.tmp, it\u0027s created with the group id of the user running mount.ecryptfs_private."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3145",
"datePublished": "2019-04-22T15:35:58.852756Z",
"dateReserved": "2011-08-16T00:00:00",
"dateUpdated": "2024-09-16T22:51:14.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}