CVE-2007-5159

{"id": "CVE-2007-5159", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-01T05:17:00.000", "references": [{"url": "http://secunia.com/advisories/26938", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26938", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak."}, {"lang": "es", "value": "El paquete ntfs-3g anterior a 1.913-2.fc7 en Fedora 7, y en el paquete kntfs-3g package en Ubuntu 7.10/Gutsy, asigna de forma incorrecta los permisos (setuid root) en mount.ntfs-3g, el cual permite a usuarios locales siendo miembros de fuse leer y escribir dispositivos de bloque de su elecci\u00f3n, posiblemente afectando a un descriptor de fichero d\u00e9bil."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED638D1A-D4AB-4070-8D29-C18741D9F98F", "versionEndIncluding": "1.913-1.fc7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCA444C-CDF1-44A5-A00B-4258F8657B09"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}