Insecure Group ID Assignment in mount.ecryptfs_private

Insecure Group ID Assignment in mount.ecryptfs_private

CVE-2011-3145 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.