CVE-2007-5159

NameCVE-2007-5159
DescriptionThe ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs445315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ntfs-3g (PTS)stretch (security), stretch1:2016.2.22AR.1+dfsg-1+deb9u1fixed
buster1:2017.3.23AR.3-3fixed
buster (security)1:2017.3.23AR.3-3+deb10u1fixed
bullseye1:2017.3.23AR.3-4fixed
bullseye (security)1:2017.3.23AR.3-4+deb11u1fixed
bookworm, sid1:2021.8.22-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ntfs-3gsource(unstable)1:1.913-2medium445315
Search for package or bug name: Reporting problems