Published: 15/02/2014 Updated: 08/03/2014

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils prior to 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ecryptfs ecryptfs-utils 64
ecryptfs ecryptfs-utils 65
ecryptfs ecryptfs-utils 72
ecryptfs ecryptfs-utils 73
ecryptfs ecryptfs-utils 81
ecryptfs ecryptfs-utils 82
ecryptfs ecryptfs utils 61
ecryptfs ecryptfs utils 60
ecryptfs ecryptfs-utils 68
ecryptfs ecryptfs-utils 69
ecryptfs ecryptfs-utils 76
ecryptfs ecryptfs-utils 77
ecryptfs ecryptfs-utils 78
ecryptfs ecryptfs-utils 85
ecryptfs ecryptfs-utils 86
ecryptfs ecryptfs-utils 66
ecryptfs ecryptfs-utils 67
ecryptfs ecryptfs-utils 74
ecryptfs ecryptfs-utils 75
ecryptfs ecryptfs-utils 83
ecryptfs ecryptfs-utils 84
ecryptfs ecryptfs utils 59
ecryptfs ecryptfs utils 58
ecryptfs ecryptfs-utils 62
ecryptfs ecryptfs-utils 63
ecryptfs ecryptfs-utils 70
ecryptfs ecryptfs-utils 71
ecryptfs ecryptfs-utils 79
ecryptfs ecryptfs-utils 80
ecryptfs ecryptfs-utils 87
ecryptfs ecryptfs-utils

eCryptfs could be tricked into mounting and unmounting arbitrary locations, and possibly disclose confidential information ...

CWE-255 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download http://www.ubuntu.com/usn/USN-1188-1 http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html https://usn.ubuntu.com/1188-1/https://nvd.nist.gov

CVE-2011-1835

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect