Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 11.04 USN-1196-1 Critical: eCryptfs Denial Of Service

Calendar Aug 23, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu permission issues ecryptfs-utils ecryptfs
An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service. 
=========================================================================Ubuntu Security Notice USN-1196-1
August 23, 2011

ecryptfs-utils vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

An attacker could use eCryptfs to unmount arbitrary locations and cause a
denial of service.

Software Description:
- ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)

Details:

It was discovered that eCryptfs incorrectly handled permissions when
modifying the mtab file. A local attacker could use this flaw to manipulate
the mtab file, and possibly unmount arbitrary locations, leading to a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  ecryptfs-utils                  87-0ubuntu1.2

Ubuntu 10.10:
  ecryptfs-utils                  83-0ubuntu3.2.10.10.2

Ubuntu 10.04 LTS:
  ecryptfs-utils                  83-0ubuntu3.2.10.04.2

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2011-3145

Package Information:
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.2
  https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.2

Ubuntu 11.04 USN-1196-1 Critical: eCryptfs Denial Of Service

ubuntu
Calendar Grey August 23, 2011
Dist Ubuntu Esm H88
A security flaw in the implementation of eCryptfs may allow an assailant to leverage configuration errors, resulting in potential downtime on Ubuntu platforms. Immediate patching recommended.
An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu permission issues ecryptfs-utils ecryptfs

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: ecryptfs-utils 87-0ubuntu1.2 Ubuntu 10.10: ecryptfs-utils 83-0ubuntu3.2.10.10.2 Ubuntu 10.04 LTS: ecryptfs-utils 83-0ubuntu3.2.10.04.2 In general, a standard system update will make all the necessary changes.

References

CVE-2011-3145

Severity
critical
Lowest
Low
Medium
High
Critical

August 23, 2011

Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu permission issues ecryptfs-utils ecryptfs

Package Information

https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.2 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.2 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here