CVE DATABASE / CVE-2007-5159
CVE-2007-5159
CVSS 4.6 · MEDIUM
Summary
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
CVSS 2.0 breakdown
| Base score | 4.6 (MEDIUM) |
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Redhat fedoraNtfs-3g ntfs-3gUbuntu ubuntu linux
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/26938
- https://bugzilla.redhat.com/show_bug.cgi?id=298651
- https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.