Published: 15/02/2014 Updated: 08/03/2014

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

utils/mount.ecryptfs_private.c in ecryptfs-utils prior to 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ecryptfs ecryptfs-utils 66
ecryptfs ecryptfs-utils 67
ecryptfs ecryptfs-utils 74
ecryptfs ecryptfs-utils 75
ecryptfs ecryptfs-utils 76
ecryptfs ecryptfs-utils 83
ecryptfs ecryptfs-utils 84
ecryptfs ecryptfs utils 59
ecryptfs ecryptfs utils 58
ecryptfs ecryptfs-utils 62
ecryptfs ecryptfs-utils 63
ecryptfs ecryptfs-utils 70
ecryptfs ecryptfs-utils 71
ecryptfs ecryptfs-utils 79
ecryptfs ecryptfs-utils 80
ecryptfs ecryptfs-utils 87
ecryptfs ecryptfs-utils
ecryptfs ecryptfs-utils 68
ecryptfs ecryptfs-utils 69
ecryptfs ecryptfs-utils 77
ecryptfs ecryptfs-utils 78
ecryptfs ecryptfs-utils 85
ecryptfs ecryptfs-utils 86
ecryptfs ecryptfs-utils 64
ecryptfs ecryptfs-utils 65
ecryptfs ecryptfs-utils 72
ecryptfs ecryptfs-utils 73
ecryptfs ecryptfs-utils 81
ecryptfs ecryptfs-utils 82
ecryptfs ecryptfs utils 61
ecryptfs ecryptfs utils 60

eCryptfs could be tricked into mounting and unmounting arbitrary locations, and possibly disclose confidential information ...

CWE-264 https://launchpad.net/ecryptfs/+download https://bugzilla.redhat.com/show_bug.cgi?id=729465 http://www.ubuntu.com/usn/USN-1188-1 http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html https://usn.ubuntu.com/1188-1/https://nvd.nist.gov

CVE-2011-1831

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect