Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 378807 (CVE-2011-1831)

Summary: <sys-fs/ecryptfs-utils-90 Multiple Security Issues (CVE 2011-{1831-1832-1833-1834-1835-1836-1837})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: crypto+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/45563/
Whiteboard: ~1 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-08-11 16:56:08 UTC 
$summary
Comment 1 Agostino Sarubbo gentoo-dev 2011-08-24 12:03:42 UTC 
0.90 is a fixed version.
Comment 2 Tim Harder gentoo-dev 2011-08-24 18:05:24 UTC 
I added ecryptfs-utils-90 to CVS.
Comment 3 Agostino Sarubbo gentoo-dev 2011-08-24 18:19:30 UTC 
Thanks Tim.

just checking it and works.

Close as noglsa per ~arch package.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-04-29 21:22:02 UTC 
CVE-2011-1837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1837):
  The lock-counter implementation in utils/mount.ecryptfs_private.c in
  ecryptfs-utils before 90 allows local users to overwrite arbitrary files via
  unspecified vectors.

CVE-2011-1836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1836):
  utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not
  establish a subdirectory with safe permissions, which might allow local
  users to bypass intended access restrictions via standard filesystem
  operations during the recovery process.

CVE-2011-1835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1835):
  The encrypted private-directory setup process in
  utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly
  ensure that the passphrase file is created, which might allow local users to
  bypass intended access restrictions at a certain time in the new-user
  creation steps.

CVE-2011-1834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1834):
  utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly
  maintain the mtab file during error conditions, which allows local users to
  cause a denial of service (table corruption) or bypass intended unmounting
  restrictions via a umount system call.

CVE-2011-1832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1832):
  utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly
  check mountpoint permissions, which allows local users to remove directories
  via a umount system call.

CVE-2011-1831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1831):
  utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly
  check mountpoint permissions, which allows local users to effectively
  replace any directory with a new filesystem, and consequently gain
  privileges, via a mount system call.