CVE-2011-1835Ecryptfs-utils vulnerability

CWE-2558 documents7 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 81.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ecryptfs Ecryptfs-utilsDebian Ecryptfs-utilsEcryptfs Utils
Timeline
PublishedFeb 15
Latest updateMay 17

Description

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages4 packages

debiandebian/ecryptfs-utils< ecryptfs-utils 92-1 (bookworm)
Debianecryptfs/ecryptfs-utils< 92-1+3
NVDecryptfs/ecryptfs_utils4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-5w9q-2c3w-jmw2: The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase2022-05-17
OSV
CVE-2011-1835: The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase2014-02-15

📋Vendor Advisories

3
Ubuntu
eCryptfs vulnerabilities2011-08-09
Red Hat
ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information2011-08-09
Debian
CVE-2011-1835: ecryptfs-utils - The encrypted private-directory setup process in utils/ecryptfs-setup-private in...2011

💬Community

2
Bugzilla
CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information2011-08-09
Bugzilla
CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information [fedora-2011-08-09
CVE-2011-1835 — Debian Ecryptfs-utils vulnerability | cvebase