CVE-2009-1296 — Sensitive Information Exposure in Ecryptfs-utils

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 79.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ecryptfs Ecryptfs-utils Debian Ecryptfs-utils Ubuntu 73-oubuntu +1 more

Timeline

PublishedJun 9

Latest updateMay 2

Description

The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/ecryptfs-utils< ecryptfs-utils 75-2 (bookworm)

▶Debianecryptfs/ecryptfs-utils< 75-2+3

▶NVDubuntu/ubuntu9.0.4

▶NVDubuntu/73-oubuntu6.1

🔴Vulnerability Details

GHSA

GHSA-wp7j-cfx2-2rxm: The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6↗2022-05-02

▶

OSV

CVE-2009-1296: The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6↗2009-06-09

▶

📋Vendor Advisories

Red Hat

groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph↗2009-08-14

▶

Ubuntu

eCryptfs vulnerability↗2009-06-08

▶

Debian

CVE-2009-1296: ecryptfs-utils - The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 sto...↗2009

▶

Red Hat

CVE-2009-1296: The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6↗

▶