CVE-2007-5159
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
01/10/2007
Last modified:
09/04/2025
Description
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:* | 1.913-1.fc7 (including) | |
| cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/26938
- https://bugzilla.redhat.com/show_bug.cgi?id=298651
- https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html
- http://secunia.com/advisories/26938
- https://bugzilla.redhat.com/show_bug.cgi?id=298651
- https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html