=========================================================================Ubuntu Security Notice USN-1188-1
August 09, 2011

ecryptfs-utils vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

eCryptfs could be tricked into mounting and unmounting arbitrary locations,
and possibly disclose confidential information.

Software Description:
- ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)

Details:

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested mountpoint. A local attacker could
use this flaw to mount to arbitrary locations, leading to privilege
escalation. (CVE-2011-1831)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested mountpoint. A local attacker could
use this flaw to unmount to arbitrary locations, leading to a denial of
service. (CVE-2011-1832)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested source directory. A local attacker
could use this flaw to mount an arbitrary directory, possibly leading to
information disclosure. A pending kernel update will provide the other
half of the fix for this issue. (CVE-2011-1833)

Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
handled modifications to the mtab file when an error occurs. A local
attacker could use this flaw to corrupt the mtab file, and possibly unmount
arbitrary locations, leading to a denial of service. (CVE-2011-1834)

Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
setting up an encrypted private directory. A local attacker could use this
flaw to manipulate keys during creation of a new user. (CVE-2011-1835)

Marc Deslauriers discovered that eCryptfs incorrectly handled permissions
during recovery. A local attacker could use this flaw to possibly access
another user's data during the recovery process. This issue only applied to
Ubuntu 11.04. (CVE-2011-1836)

Vasiliy Kulikov discovered that eCryptfs incorrectly handled lock counters.
A local attacker could use this flaw to possibly overwrite arbitrary files.
The default symlink restrictions in Ubuntu 10.10 and 11.04 should protect
against this issue. (CVE-2011-1837)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  ecryptfs-utils                  87-0ubuntu1.1

Ubuntu 10.10:
  ecryptfs-utils                  83-0ubuntu3.2.10.10.1

Ubuntu 10.04 LTS:
  ecryptfs-utils                  83-0ubuntu3.2.10.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1188-1
  CVE-2011-1831, CVE-2011-1832, CVE-2011-1833, CVE-2011-1834,
  CVE-2011-1835, CVE-2011-1836, CVE-2011-1837

Package Information:
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.1
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.1

Ubuntu 1188-1: eCryptfs vulnerabilities

August 9, 2011
eCryptfs could be tricked into mounting and unmounting arbitrary locations, and possibly disclose confidential information.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: ecryptfs-utils 87-0ubuntu1.1 Ubuntu 10.10: ecryptfs-utils 83-0ubuntu3.2.10.10.1 Ubuntu 10.04 LTS: ecryptfs-utils 83-0ubuntu3.2.10.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1188-1

CVE-2011-1831, CVE-2011-1832, CVE-2011-1833, CVE-2011-1834,

CVE-2011-1835, CVE-2011-1836, CVE-2011-1837

Severity
August 09, 2011

Package Information

https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.1 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.1 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.1

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved