Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 572500 (CVE-2016-1572) - sys-fs/ecryptfs-utils: privilege escalation by mounting over /proc/$pid (CVE-2016-1572)
Summary: sys-fs/ecryptfs-utils: privilege escalation by mounting over /proc/$pid (CVE-...
Status: CONFIRMED
Alias: CVE-2016-1572
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugs.launchpad.net/ecryptfs/+...
Whiteboard: ~1 [ebuild+]
Keywords:
Depends on: 595264
Blocks:
  Show dependency tree
 
Reported: 2016-01-21 10:10 UTC by Thomas Deutschmann
Modified: 2019-10-14 15:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2016-01-21 10:10:09 UTC
An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat(), it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation attacks with the help of other programs that use procfs.


CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1572

Upstream bug report with reproducer:
https://bugs.launchpad.net/ecryptfs/+bug/1530566

Proposed upstream patch:
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870

Red Hat Bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1300594
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-20 00:52:42 UTC
@Maintainers ping.

Gentoo Security Padawan
ChrisADR
Comment 2 Michael Boyle 2018-05-16 23:52:14 UTC
@maintainers ping.
 The fix was implemented upstream and release, please bump.

Michael Boyle
Gentoo Security Padawan
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-05-17 16:36:11 UTC
the package has no stable keywords
Comment 4 Larry the Git Cow gentoo-dev 2019-10-14 15:08:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d52e5c7308ae8eb0b87cc373289b0385d896a9

commit c8d52e5c7308ae8eb0b87cc373289b0385d896a9
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2019-10-14 15:06:01 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2019-10-14 15:07:49 +0000

    sys-fs/ecryptfs-utils: bump to new snapshot
    
    Version bump bug has been open over 3 years with no known blocking
    problems.  I'm doing a non-maintainer bump to fix several outstanding
    issues.
    
    Bug: https://bugs.gentoo.org/572500
    Closes: https://bugs.gentoo.org/595264
    Closes: https://bugs.gentoo.org/697700
    Closes: https://bugs.gentoo.org/694104
    Closes: https://github.com/gentoo/gentoo/pull/12464
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 sys-fs/ecryptfs-utils/Manifest                     |  1 +
 .../ecryptfs-utils-111_p20170609.ebuild            | 94 ++++++++++++++++++++++
 2 files changed, 95 insertions(+)