Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-3145
HistoryAug 23, 2011 - 12:00 a.m.

CVE-2011-3145

2011-08-2300:00:00
ubuntu.com
ubuntu.com
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.9%

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid()
it doesn’t also set the effective group id. So when it creates the new
version, mtab.tmp, it’s created with the group id of the user running
mount.ecryptfs_private.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchecryptfs-utils< 83-0ubuntu3.2.10.04.2UNKNOWN
ubuntu10.10noarchecryptfs-utils< 83-0ubuntu3.2.10.10.2UNKNOWN
ubuntu11.04noarchecryptfs-utils< 87-0ubuntu1.2UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.9%