{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "John L. Templer"}], "datePublic": "2011-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-22T15:35:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"}], "source": {"advisory": "https://usn.ubuntu.com/1196-1/", "defect": ["https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"], "discovery": "EXTERNAL"}, "title": "mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2011-08-23T00:00:00.000Z", "ID": "CVE-2011-3145", "STATE": "PUBLIC", "TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "John L. Templer"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558", "refsource": "MISC", "url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"}]}, "source": {"advisory": "https://usn.ubuntu.com/1196-1/", "defect": ["https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3145", "datePublished": "2019-04-22T15:35:58.852756Z", "dateReserved": "2011-08-16T00:00:00", "dateUpdated": "2024-09-16T22:51:14.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*", "matchCriteriaId": "A969F2F0-A651-41FE-AEC5-B223DF5DEA48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."}, {"lang": "es", "value": "Cuando Mount. ecrpytfs_private anterior a la versi\u00f3n 87-0ubuntu 1.2 llamadas setreuid () tampoco establece el ID de grupo efectivo. Por lo tanto, cuando se crea la nueva versi\u00f3n, mtab. tmp, se crea con el identificador de grupo del usuario que ejecuta Mount. ecryptfs_private."}], "id": "CVE-2011-3145", "lastModified": "2019-10-09T23:03:23.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2019-04-22T16:29:00.287", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1241", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "ecryptfs-utils-0:75-5.el5_7.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-08-31T00:00:00Z"}, {"advisory": "RHSA-2011:1241", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ecryptfs-utils-0:82-6.el6_1.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-08-31T00:00:00Z"}], "bugzilla": {"description": "ecryptfs-utils: incorrect mtab group ownership", "id": "732607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732607"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."], "name": "CVE-2011-3145", "public_date": "2011-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3145"], "threat_severity": "Moderate"}