CVE-2007-5159

NameCVE-2007-5159
DescriptionThe ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs445315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ntfs-3g (PTS)jessie, jessie (lts)1:2014.2.15AR.2-1+deb8u7fixed
stretch (security)1:2016.2.22AR.1+dfsg-1+deb9u3fixed
stretch (lts), stretch1:2016.2.22AR.1+dfsg-1+deb9u5fixed
buster, buster (lts)1:2017.3.23AR.3-4+deb11u4~deb10u1fixed
buster (security)1:2017.3.23AR.3-3+deb10u3fixed
bullseye1:2017.3.23AR.3-4+deb11u4fixed
bullseye (security)1:2017.3.23AR.3-4+deb11u3fixed
bookworm1:2022.10.3-1+deb12u2fixed
sid, trixie1:2022.10.3-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ntfs-3gsource(unstable)1:1.913-2medium445315

Search for package or bug name: Reporting problems