Vulnerability Details CVE-2011-3145
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.3%
CVSS Severity
CVSS v3 Score 3.8
CVSS v2 Score 7.5
References
Products affected by CVE-2011-3145
-
cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-