Search criteria
21 vulnerabilities found for ecryptfs_utils by ecryptfs
FKIE_CVE-2011-1836
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
},
{
"lang": "es",
"value": "utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros durante el proceso de recuperaci\u00f3n."
}
],
"id": "CVE-2011-1836",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.363",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1832
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales eliminar directorios a trav\u00e9s de una llamada al sistema umount."
}
],
"id": "CVE-2011-1832",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.283",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1831
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales reemplazar efectivamente cualquier directorio con un sistema de archivos nuevo, y en consecuencia ganar privilegios, a trav\u00e9s de una llamada al sistema mount."
}
],
"id": "CVE-2011-1831",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.253",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1834
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no mantiene debidamente el archivo mtab durante condiciones de error, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de tabla) o evadir restricciones de desmontaje a trav\u00e9s de una llamada al sistema umount."
}
],
"id": "CVE-2011-1834",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.300",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1835
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
},
{
"lang": "es",
"value": "El proceso de configuraci\u00f3n de directorio privado cifrado en utils/ecryptfs-setup-private en ecryptfs-utils anterior a 90 no asegura debidamente que el archivo passphrase es creado, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso en cierto momento en los pasos de creaci\u00f3n de un nuevo usuario."
}
],
"id": "CVE-2011-1835",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.330",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1837
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n lock-counter en utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 permite a usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-1837",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.377",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5188
Vulnerability from fkie_nvd - Published: 2008-11-21 02:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs_utils | 45 | |
| ecryptfs | ecryptfs_utils | 46 | |
| ecryptfs | ecryptfs_utils | 47 | |
| ecryptfs | ecryptfs_utils | 48 | |
| ecryptfs | ecryptfs_utils | 49 | |
| ecryptfs | ecryptfs_utils | 50 | |
| ecryptfs | ecryptfs_utils | 51 | |
| ecryptfs | ecryptfs_utils | 53 | |
| ecryptfs | ecryptfs_utils | 54 | |
| ecryptfs | ecryptfs_utils | 55 | |
| ecryptfs | ecryptfs_utils | 56 | |
| ecryptfs | ecryptfs_utils | 57 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:45:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E82E6-AF24-4B7F-A6DD-EBCD181CAB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:46:*:*:*:*:*:*:*",
"matchCriteriaId": "97C0970B-D35A-4D8B-B23D-8174451FF532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:47:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE63E38-3A4F-457C-9F15-66CFC421268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:48:*:*:*:*:*:*:*",
"matchCriteriaId": "5A290B1C-54BF-456B-8D53-D2D33AE15E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:49:*:*:*:*:*:*:*",
"matchCriteriaId": "E6844D7B-734C-461A-9F5D-6C246F2DC7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:50:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFE185F-8579-4216-B611-299B7CD9F3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:51:*:*:*:*:*:*:*",
"matchCriteriaId": "13BEDA62-A7CA-409C-B4D0-84945A3E46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:53:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDCD33C-7EA6-4922-914D-43472CC23F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:54:*:*:*:*:*:*:*",
"matchCriteriaId": "F20CFF16-B815-4F76-A099-B805AC1D2776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:55:*:*:*:*:*:*:*",
"matchCriteriaId": "6B369A92-201D-4F84-9A5C-27853EF8286B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:56:*:*:*:*:*:*:*",
"matchCriteriaId": "4446FE35-FA53-4DC6-86FF-746E1D890340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:57:*:*:*:*:*:*:*",
"matchCriteriaId": "94190953-E2B5-473B-B3C6-39BBD4C3783E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
},
{
"lang": "es",
"value": "Las secuencias de comando (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, y (3) ecryptfs-setup-pam-wrapped.sh en ecryptfs-utils v45 hasta la v61 en eCryptfs las lineas de comando y las contrase\u00f1as estan en texto en claro, que permite a usuarios locales conseguir informaci\u00f3n sensible mediante el listado de procesos."
}
],
"id": "CVE-2008-5188",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-21T02:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49334"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50353"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50354"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50355"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32382"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36552"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"source": "cve@mitre.org",
"url": "https://launchpad.net/bugs/287908"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/bugs/287908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-1836 (GCVE-0-2011-1836)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1836",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1837 (GCVE-0-2011-1837)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1837",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1834 (GCVE-0-2011-1834)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:26.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1834",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:26.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1831 (GCVE-0-2011-1831)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1831",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1832 (GCVE-0-2011-1832)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1832",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1835 (GCVE-0-2011-1835)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1835",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5188 (GCVE-0-2008-5188)
Vulnerability from cvelistv5 – Published: 2008-11-21 02:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"name": "https://launchpad.net/bugs/287908",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/287908"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"refsource": "OSVDB",
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"refsource": "OSVDB",
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"refsource": "OSVDB",
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"refsource": "OSVDB",
"url": "http://osvdb.org/50353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5188",
"datePublished": "2008-11-21T02:00:00",
"dateReserved": "2008-11-20T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1836 (GCVE-0-2011-1836)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1836",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1837 (GCVE-0-2011-1837)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1837",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1834 (GCVE-0-2011-1834)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:26.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1834",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:26.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1831 (GCVE-0-2011-1831)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1831",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1832 (GCVE-0-2011-1832)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1832",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1835 (GCVE-0-2011-1835)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1835",
"datePublished": "2014-02-15T11:00:00",
"dateReserved": "2011-04-27T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5188 (GCVE-0-2008-5188)
Vulnerability from nvd – Published: 2008-11-21 02:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"name": "https://launchpad.net/bugs/287908",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/287908"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"refsource": "OSVDB",
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"refsource": "OSVDB",
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"refsource": "OSVDB",
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"refsource": "OSVDB",
"url": "http://osvdb.org/50353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5188",
"datePublished": "2008-11-21T02:00:00",
"dateReserved": "2008-11-20T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}