CVE-2007-5159

NameCVE-2007-5159
DescriptionThe ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs445315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ntfs-3g (PTS)buster1:2017.3.23AR.3-3+deb10u2fixed
buster (security)1:2017.3.23AR.3-3+deb10u3fixed
bullseye (security), bullseye1:2017.3.23AR.3-4+deb11u3fixed
bookworm, sid1:2022.10.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ntfs-3gsource(unstable)1:1.913-2medium445315

Search for package or bug name: Reporting problems