Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities found for ecryptfs_utils by ecryptfs
FKIE_CVE-2011-1834
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no mantiene debidamente el archivo mtab durante condiciones de error, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de tabla) o evadir restricciones de desmontaje a trav\u00e9s de una llamada al sistema umount."
}
],
"id": "CVE-2011-1834",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.300",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1835
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
},
{
"lang": "es",
"value": "El proceso de configuraci\u00f3n de directorio privado cifrado en utils/ecryptfs-setup-private en ecryptfs-utils anterior a 90 no asegura debidamente que el archivo passphrase es creado, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso en cierto momento en los pasos de creaci\u00f3n de un nuevo usuario."
}
],
"id": "CVE-2011-1835",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.330",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1836
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
},
{
"lang": "es",
"value": "utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros durante el proceso de recuperaci\u00f3n."
}
],
"id": "CVE-2011-1836",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.363",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1832
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales eliminar directorios a trav\u00e9s de una llamada al sistema umount."
}
],
"id": "CVE-2011-1832",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.283",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1831
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
},
{
"lang": "es",
"value": "utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales reemplazar efectivamente cualquier directorio con un sistema de archivos nuevo, y en consecuencia ganar privilegios, a trav\u00e9s de una llamada al sistema mount."
}
],
"id": "CVE-2011-1831",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.253",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1837
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n lock-counter en utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 permite a usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-1837",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.377",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5188
Vulnerability from fkie_nvd - Published: 2008-11-21 02:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs_utils | 45 | |
| ecryptfs | ecryptfs_utils | 46 | |
| ecryptfs | ecryptfs_utils | 47 | |
| ecryptfs | ecryptfs_utils | 48 | |
| ecryptfs | ecryptfs_utils | 49 | |
| ecryptfs | ecryptfs_utils | 50 | |
| ecryptfs | ecryptfs_utils | 51 | |
| ecryptfs | ecryptfs_utils | 53 | |
| ecryptfs | ecryptfs_utils | 54 | |
| ecryptfs | ecryptfs_utils | 55 | |
| ecryptfs | ecryptfs_utils | 56 | |
| ecryptfs | ecryptfs_utils | 57 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:45:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E82E6-AF24-4B7F-A6DD-EBCD181CAB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:46:*:*:*:*:*:*:*",
"matchCriteriaId": "97C0970B-D35A-4D8B-B23D-8174451FF532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:47:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE63E38-3A4F-457C-9F15-66CFC421268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:48:*:*:*:*:*:*:*",
"matchCriteriaId": "5A290B1C-54BF-456B-8D53-D2D33AE15E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:49:*:*:*:*:*:*:*",
"matchCriteriaId": "E6844D7B-734C-461A-9F5D-6C246F2DC7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:50:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFE185F-8579-4216-B611-299B7CD9F3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:51:*:*:*:*:*:*:*",
"matchCriteriaId": "13BEDA62-A7CA-409C-B4D0-84945A3E46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:53:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDCD33C-7EA6-4922-914D-43472CC23F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:54:*:*:*:*:*:*:*",
"matchCriteriaId": "F20CFF16-B815-4F76-A099-B805AC1D2776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:55:*:*:*:*:*:*:*",
"matchCriteriaId": "6B369A92-201D-4F84-9A5C-27853EF8286B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:56:*:*:*:*:*:*:*",
"matchCriteriaId": "4446FE35-FA53-4DC6-86FF-746E1D890340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:57:*:*:*:*:*:*:*",
"matchCriteriaId": "94190953-E2B5-473B-B3C6-39BBD4C3783E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
},
{
"lang": "es",
"value": "Las secuencias de comando (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, y (3) ecryptfs-setup-pam-wrapped.sh en ecryptfs-utils v45 hasta la v61 en eCryptfs las lineas de comando y las contrase\u00f1as estan en texto en claro, que permite a usuarios locales conseguir informaci\u00f3n sensible mediante el listado de procesos."
}
],
"id": "CVE-2008-5188",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-21T02:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49334"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50353"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50354"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50355"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32382"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36552"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"source": "cve@mitre.org",
"url": "https://launchpad.net/bugs/287908"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/bugs/287908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-1831 (GCVE-0-2011-1831)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1831",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1834 (GCVE-0-2011-1834)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:26.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1834",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:26.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1836 (GCVE-0-2011-1836)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1836",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1835 (GCVE-0-2011-1835)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1835",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1837 (GCVE-0-2011-1837)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1837",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1832 (GCVE-0-2011-1832)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1832",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5188 (GCVE-0-2008-5188)
Vulnerability from cvelistv5 – Published: 2008-11-21 02:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"name": "https://launchpad.net/bugs/287908",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/287908"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"refsource": "OSVDB",
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"refsource": "OSVDB",
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"refsource": "OSVDB",
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"refsource": "OSVDB",
"url": "http://osvdb.org/50353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5188",
"datePublished": "2008-11-21T02:00:00.000Z",
"dateReserved": "2008-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1831 (GCVE-0-2011-1831)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1831",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1834 (GCVE-0-2011-1834)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:26.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1834",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:26.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1836 (GCVE-0-2011-1836)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1836",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1835 (GCVE-0-2011-1835)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1835",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1837 (GCVE-0-2011-1837)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1837",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1832 (GCVE-0-2011-1832)
Vulnerability from nvd – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1832",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5188 (GCVE-0-2008-5188)
Vulnerability from nvd – Published: 2008-11-21 02:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/287908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081023 CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
},
{
"name": "https://launchpad.net/bugs/287908",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/287908"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
},
{
"name": "50355",
"refsource": "OSVDB",
"url": "http://osvdb.org/50355"
},
{
"name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
},
{
"name": "32382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32382"
},
{
"name": "50354",
"refsource": "OSVDB",
"url": "http://osvdb.org/50354"
},
{
"name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
},
{
"name": "49334",
"refsource": "OSVDB",
"url": "http://osvdb.org/49334"
},
{
"name": "RHSA-2009:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"refsource": "OSVDB",
"url": "http://osvdb.org/50353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5188",
"datePublished": "2008-11-21T02:00:00.000Z",
"dateReserved": "2008-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}