- Description
- The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED638D1A-D4AB-4070-8D29-C18741D9F98F",
"versionEndIncluding": "1.913-1.fc7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBCA444C-CDF1-44A5-A00B-4258F8657B09"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]