| Summary: | <sys-fs/ecryptfs-utils-90 Multiple Security Issues (CVE 2011-{1831-1832-1833-1834-1835-1836-1837}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | crypto+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/45563/ | | |
| Whiteboard: | ~1 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2011-08-11 16:56:08 UTC
0.90 is a fixed version.

I added ecryptfs-utils-90 to CVS.

Thanks Tim. Just checking it and works.

Close as noglsa per ~arch package.

CVE-2011-1837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1837): The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.

CVE-2011-1836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1836): utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.

CVE-2011-1835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1835): The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

CVE-2011-1834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1834): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.

CVE-2011-1832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1832): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.

CVE-2011-1831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1831): utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.