Debian Linux Security Advisory 2382-1 - Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux.
7f3fba9fb2a1cbc606e25d39de03a150254f1845a6b7f75e8a065d1aa8c34661Red Hat Security Advisory 2011-1241-01 - eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
6c5fc7a1ef62462fd1abff6cb7503e6efebb23451416bf6378dfd2e8325605e1Ubuntu Security Notice 1188-1 - Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. Various other issues were also addressed.
fe2f44aca4f4d78e3767514f59f7522f711afb4689ded54a89988c06b03f35e8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed