CVE-2011-1833: Race Condition in Ecryptfs-utils

Severity: 3.3 LOW (NVD)
EPSS: 0.0% (top 97.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 3
Latest update: May 17

Description

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

CVSS vector

AV:L/AC:M/C:P/I:P/A:N
Exploitability: 3.4 | Impact: 4.9

Affected Packages (3 packages)

debian: debian/ecryptfs-utils < ecryptfs-utils 92-1 (bookworm)
Debian: ecryptfs/ecryptfs-utils < 92-1+3
NVD: linux/linux_kernel 3.0.44+44

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-6h3p-7rvv-c5j9: Race condition in the ecryptfs_mount function in fs/ecryptfs/main (2022-05-17)
OSV: CVE-2011-1833: Race condition in the ecryptfs_mount function in fs/ecryptfs/main (2012-10-03)

📋 Vendor Advisories (13)

Ubuntu: Linux kernel (Natty backport) vulnerabilities (2011-11-09)
Ubuntu: Linux kernel vulnerabilities (2011-11-08)
Ubuntu: Linux kernel (EC2) vulnerabilities (2011-10-25)
Ubuntu: Linux kernel (Marvell DOVE) vulnerabilities (2011-10-25)
Ubuntu: Linux kernel vulnerabilities (2011-10-11)

💬 Community (4)

Bugzilla: CVE-2011-1833 kernel: ecryptfs: mount source TOCTOU race [fedora-all] (2011-10-25)
Bugzilla: CVE-2011-1833 kernel: ecryptfs: mount source TOCTOU race (2011-08-16)
Bugzilla: CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information (2011-08-09)
Bugzilla: CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information [fedora- (2011-08-09)