Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-5159 | First vendor Publication | 2007-10-01 |
Vendor | Cve | Last vendor Modification | 2008-09-05 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-69 | Target Programs with Elevated Privileges |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-27 | Name : Fedora Update for fuse FEDORA-2007-2295 File : nvt/gb_fedora_2007_2295_fuse_fc7.nasl |
2009-02-27 | Name : Fedora Update for ntfs-3g FEDORA-2007-2295 File : nvt/gb_fedora_2007_2295_ntfs-3g_fc7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41393 | Multiple Linux ntfs-3g mount.ntfs-3g Permission Weakness Local Privilege Esca... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2007-2295.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 01:38:49 |
|
2020-05-23 00:20:31 |
|
2016-06-28 23:56:54 |
|
2016-04-26 16:39:06 |
|
2014-02-17 10:41:55 |
|
2013-05-11 10:37:47 |
|