Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5159

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2007-5159
Last Modified 05 Sep 2008 05:30:02
Published 01 Oct 2007 01:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5159

Summary

The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.

Vulnerable Systems

Application

  • Ntfs-3g

  • Ntfs-3g 1.913-1.fc7


References

FEDORA - FEDORA-2007-2295

MLIST - [fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=298651

SECUNIA - 26938


Last Updated: 27 May 2016 10:46:06