Ubuntu 783-1: eCryptfs vulnerability

    Date: 08 Jun 2009
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk, potentially leading to a loss of privacy.
    ===========================================================
    Ubuntu Security Notice USN-783-1              June 08, 2009
    ecryptfs-utils vulnerability
    CVE-2009-1296
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 9.04:
      ecryptfs-utils                  73-0ubuntu6.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Chris Jones discovered that the eCryptfs support utilities would
    report the mount passphrase into installation logs when an eCryptfs
    home directory was selected during Ubuntu installation.  The logs are
    only readable by the root user, but this still left the mount passphrase
    unencrypted on disk, potentially leading to a loss of privacy.
    
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1.diff.gz
          Size/MD5:    12184 7f965e34c9eb44ceae0bafc65a3cc434
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1.dsc
          Size/MD5:     1707 d12ca96dd31ab19e559d8e4a86052b4c
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73.orig.tar.gz
          Size/MD5:   504056 cd1c344b4cabf16971a405db353cb5cd
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_amd64.deb
          Size/MD5:   102032 cb22885adb2b4cab782ef18167fc94c6
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_amd64.deb
          Size/MD5:    62688 be22d84e388e0dbecf4286ccdd829fb1
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_amd64.deb
          Size/MD5:    68838 fe8104a4a5e469c6bd57378c5c0c40b2
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_i386.deb
          Size/MD5:    96908 e737d11e4132c59d2ab3b97257010ebe
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_i386.deb
          Size/MD5:    56284 d02501ddb287e2e32422570228ebc6a6
        http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_i386.deb
          Size/MD5:    65424 e8e6e045f06a6a43493f1b50c4f55138
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_lpia.deb
          Size/MD5:    96272 23e8f81d0b3b678abf548d316ad13a8a
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_lpia.deb
          Size/MD5:    55578 780f0e6fc6accf33b5a0419ddf3930c5
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_lpia.deb
          Size/MD5:    63784 18a5b3f566928e63518fc5e2a87fd66e
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_powerpc.deb
          Size/MD5:   117060 479282ff1ba602eedaf6246770c276fc
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_powerpc.deb
          Size/MD5:    63200 689a7a750b08350be0252dc6ad571b08
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_powerpc.deb
          Size/MD5:    73604 2d03fa7da4649c06aa3b1d29a6512923
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_sparc.deb
          Size/MD5:    97944 37ecc02c57e7ae4efd708cbb9bfc2d74
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_sparc.deb
          Size/MD5:    58200 db71c5e6ad82ffdd119d739904e427d1
        http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_sparc.deb
          Size/MD5:    63088 6513b0bbbc6ec32c2360e05467470b8d
    