CVE-2012-3409 — Improper Input Validation in Ecryptfs-utils

CWE-20 — Improper Input Validation7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 77.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ecryptfs-utils Ecryptfs Ecryptfs-utils Debian Ecryptfs-utils +1 more

Timeline

PublishedDec 20

Latest updateApr 23

Description

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/ecryptfs-utils< ecryptfs-utils 99-1 (bookworm)

▶NVDecryptfs/ecryptfs-utils86 — 99

▶CVEListV5ecryptfs-utils/ecryptfs-utils< 99

▶Debianecryptfs/ecryptfs-utils< 99-1+3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-xjcq-2h6g-jf3c: ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation↗2022-04-23

▶

OSV

CVE-2012-3409: ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation↗2019-12-20

▶

📋Vendor Advisories

Red Hat

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation↗2012-07-10

▶

Debian

CVE-2012-3409: ecryptfs-utils - ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,n...↗2012

▶

💬Community

Bugzilla

CVE-2012-3409 ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation [fedora-all]↗2012-07-24

▶

Bugzilla

CVE-2012-3409 ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation↗2012-07-20

▶