Mount.ecrpytfs Private Project: Security Vulnerabilities
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
CVSS Score
3.8
EPSS Score
0.002
Published
2019-04-22