CVE-2011-3145

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-3145

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-3145.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2011-3145

Downstream

DEBIAN-CVE-2011-3145

DSA-2382-1

RHSA-2011:1241

Published

2019-04-22T16:29:00Z

Modified

2025-08-09T20:01:25Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate.

References

http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558

Affected packages