Lucene search

K

[email protected]NVD:CVE-2011-1835

HistoryFeb 15, 2014 - 2:57 p.m.

CVE-2011-1835

2014-02-1514:57:06

CWE-255

[email protected]

web.nvd.nist.gov

1

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

Affected configurations

NVD

Node

ecryptfsecryptfs-utilsRange≤89

OR

ecryptfsecryptfs-utilsMatch62

OR

ecryptfsecryptfs-utilsMatch63

OR

ecryptfsecryptfs-utilsMatch64

OR

ecryptfsecryptfs-utilsMatch65

OR

ecryptfsecryptfs-utilsMatch66

OR

ecryptfsecryptfs-utilsMatch67

OR

ecryptfsecryptfs-utilsMatch68

OR

ecryptfsecryptfs-utilsMatch69

OR

ecryptfsecryptfs-utilsMatch70

OR

ecryptfsecryptfs-utilsMatch71

OR

ecryptfsecryptfs-utilsMatch72

OR

ecryptfsecryptfs-utilsMatch73

OR

ecryptfsecryptfs-utilsMatch74

OR

ecryptfsecryptfs-utilsMatch75

OR

ecryptfsecryptfs-utilsMatch76

OR

ecryptfsecryptfs-utilsMatch77

OR

ecryptfsecryptfs-utilsMatch78

OR

ecryptfsecryptfs-utilsMatch79

OR

ecryptfsecryptfs-utilsMatch80

OR

ecryptfsecryptfs-utilsMatch81

OR

ecryptfsecryptfs-utilsMatch82

OR

ecryptfsecryptfs-utilsMatch83

OR

ecryptfsecryptfs-utilsMatch84

OR

ecryptfsecryptfs-utilsMatch85

OR

ecryptfsecryptfs-utilsMatch86

OR

ecryptfsecryptfs-utilsMatch87

OR

ecryptfsecryptfs_utilsMatch58

OR

ecryptfsecryptfs_utilsMatch59

OR

ecryptfsecryptfs_utilsMatch60

OR

ecryptfsecryptfs_utilsMatch61

References

lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html

www.ubuntu.com/usn/USN-1188-1

bugzilla.redhat.com/show_bug.cgi?id=729465

launchpad.net/ecryptfs/+download

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2011-1835

cve1 ubuntucve1 debiancve1 prion1 cvelist1 veracode1 debian1 suse2 nessus12 osv1 openvas21 centos1 redhat1 fedora5 ubuntu1 securityvulns2 oraclelinux1