subject:"Bug#445315\: CVE\-2007\-5159 priviledge escalation"

Bug#445315: CVE-2007-5159 priviledge escalation

2007-10-06 Thread Szabolcs Szakacsits


Hi,

I added our comments to the origin of the security report:
https://bugzilla.redhat.com/show_bug.cgi?id=298651#c21

Regards,  Szaka

--
NTFS-3G Lead Developer:  http://ntfs-3g.org



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#445315: CVE-2007-5159 priviledge escalation

2007-10-04 Thread Nico Golde

Package: ntfs-3g
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ntfs-3g.

CVE-2007-5159[0]:
| The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g
| package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid
| root) to mount.ntfs-3g, which allows local users with fuse group
| membership to read from and write to arbitrary block devices, possibly
| involving a file descriptor leak.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpQJg0j0ZebX.pgp
Description: PGP signature

Bug#445315: CVE-2007-5159 priviledge escalation

Bug#445315: CVE-2007-5159 priviledge escalation

2 matches

Site Navigation

Mail list logo

Footer information