CVE-2011-3145
Published: 23 August 2011
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
ecryptfs-utils Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Not vulnerable
(code not present)
|
|
lucid |
Released
(83-0ubuntu3.2.10.04.2)
|
|
maverick |
Released
(83-0ubuntu3.2.10.10.2)
|
|
natty |
Released
(87-0ubuntu1.2)
|