ID OPENVAS:1361412562310840729 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1196-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1196_1.nasl 14132 2019-03-13 09:25:59Z cfischer $
#
# Ubuntu Update for ecryptfs-utils USN-1196-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-1196-1/");
script_oid("1.3.6.1.4.1.25623.1.0.840729");
script_version("$Revision: 14132 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2011-08-27 16:37:49 +0200 (Sat, 27 Aug 2011)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"USN", value:"1196-1");
script_cve_id("CVE-2011-3145");
script_name("Ubuntu Update for ecryptfs-utils USN-1196-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.10|10\.04 LTS|11\.04)");
script_tag(name:"summary", value:"Ubuntu Update for Linux kernel vulnerabilities USN-1196-1");
script_tag(name:"affected", value:"ecryptfs-utils on Ubuntu 11.04,
Ubuntu 10.10,
Ubuntu 10.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"It was discovered that eCryptfs incorrectly handled permissions when
modifying the mtab file. A local attacker could use this flaw to manipulate
the mtab file, and possibly unmount arbitrary locations, leading to a
denial of service.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU10.10")
{
if ((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"83-0ubuntu3.2.10.10.2", rls:"UBUNTU10.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"83-0ubuntu3.2.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"ecryptfs-utils", ver:"87-0ubuntu1.2", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310840729", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for ecryptfs-utils USN-1196-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1196-1", "published": "2011-08-27T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840729", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1196-1/", "1196-1"], "cvelist": ["CVE-2011-3145"], "lastseen": "2019-05-29T18:39:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3145"]}, {"type": "ubuntu", "idList": ["USN-1196-1"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070701", "OPENVAS:870476", "OPENVAS:863844", "OPENVAS:70701", "OPENVAS:880998", "OPENVAS:1361412562310122096", "OPENVAS:1361412562310881245", "OPENVAS:840729", "OPENVAS:1361412562310880998", "OPENVAS:1361412562310863844"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11848", "SECURITYVULNS:DOC:26893"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2382.NASL", "UBUNTU_USN-1196-1.NASL", "SUSE_11_ECRYPTFS-UTILS-120420.NASL", "REDHAT-RHSA-2011-1241.NASL", "FEDORA_2011-11871.NASL", "CENTOS_RHSA-2011-1241.NASL", "FEDORA_2011-11936.NASL", "SUSE_11_4_ECRYPTFS-UTILS-111214.NASL", "FEDORA_2011-11979.NASL", "SUSE_11_3_ECRYPTFS-UTILS-111214.NASL"]}, {"type": "fedora", "idList": ["FEDORA:345FEC1A79", "FEDORA:C6B22C19F7", "FEDORA:242992085A"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2382-1:5A69C"]}, {"type": "centos", "idList": ["CESA-2011:1241"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1241", "ELSA-2018-1196-1"]}, {"type": "redhat", "idList": ["RHSA-2011:1241"]}], "modified": "2019-05-29T18:39:53", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2019-05-29T18:39:53", "rev": 2}, "vulnersScore": 5.3}, "pluginID": "1361412562310840729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1196_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for ecryptfs-utils USN-1196-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1196-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840729\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-27 16:37:49 +0200 (Sat, 27 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1196-1\");\n script_cve_id(\"CVE-2011-3145\");\n script_name(\"Ubuntu Update for ecryptfs-utils USN-1196-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1196-1\");\n script_tag(name:\"affected\", value:\"ecryptfs-utils on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that eCryptfs incorrectly handled permissions when\n modifying the mtab file. A local attacker could use this flaw to manipulate\n the mtab file, and possibly unmount arbitrary locations, leading to a\n denial of service.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-0ubuntu3.2.10.10.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-0ubuntu3.2.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"87-0ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:51:05", "description": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-22T16:29:00", "title": "CVE-2011-3145", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3145"], "modified": "2019-10-09T23:03:00", "cpe": ["cpe:/a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-"], "id": "CVE-2011-3145", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3145", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3145"], "description": "It was discovered that eCryptfs incorrectly handled permissions when \nmodifying the mtab file. A local attacker could use this flaw to manipulate \nthe mtab file, and possibly unmount arbitrary locations, leading to a \ndenial of service.", "edition": 4, "modified": "2011-08-23T00:00:00", "published": "2011-08-23T00:00:00", "href": "https://ubuntu.com/security/notices/USN-1196-1", "id": "USN-1196-1", "title": "eCryptfs vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-03T10:57:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "description": "Check for the Version of ecryptfs-utils", "modified": "2018-01-03T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:863844", "href": "http://plugins.openvas.org/nasl.php?oid=863844", "type": "openvas", "title": "Fedora Update for ecryptfs-utils FEDORA-2011-11871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ecryptfs-utils FEDORA-2011-11871\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"eCryptfs is a stacked cryptographic filesystem that ships in Linux\n kernel versions 2.6.19 and above. This package provides the mount\n helper and supporting libraries to perform key management and mount\n functions.\n\n Install ecryptfs-utils if you would like to mount eCryptfs.\";\n\ntag_affected = \"ecryptfs-utils on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066577.html\");\n script_id(863844);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:24:54 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11871\");\n script_name(\"Fedora Update for ecryptfs-utils FEDORA-2011-11871\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ecryptfs-utils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~90~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-12-04T11:26:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1196-1", "modified": "2017-12-01T00:00:00", "published": "2011-08-27T00:00:00", "id": "OPENVAS:840729", "href": "http://plugins.openvas.org/nasl.php?oid=840729", "type": "openvas", "title": "Ubuntu Update for ecryptfs-utils USN-1196-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1196_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for ecryptfs-utils USN-1196-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that eCryptfs incorrectly handled permissions when\n modifying the mtab file. A local attacker could use this flaw to manipulate\n the mtab file, and possibly unmount arbitrary locations, leading to a\n denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1196-1\";\ntag_affected = \"ecryptfs-utils on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1196-1/\");\n script_id(840729);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-27 16:37:49 +0200 (Sat, 27 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1196-1\");\n script_cve_id(\"CVE-2011-3145\");\n script_name(\"Ubuntu Update for ecryptfs-utils USN-1196-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-0ubuntu3.2.10.10.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-0ubuntu3.2.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"87-0ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "description": "The remote host is missing an update for the ", "modified": "2019-05-01T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:1361412562310863844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863844", "type": "openvas", "title": "Fedora Update for ecryptfs-utils FEDORA-2011-11871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ecryptfs-utils FEDORA-2011-11871\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066577.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863844\");\n script_version(\"2019-05-01T16:02:02+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-01 16:02:02 +0000 (Wed, 01 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:24:54 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3145\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11871\");\n script_name(\"Fedora Update for ecryptfs-utils FEDORA-2011-11871\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ecryptfs-utils'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"ecryptfs-utils on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~90~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1831"], "description": "The remote host is missing an update to ecryptfs-utils\nannounced via advisory DSA 2382-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70701", "href": "http://plugins.openvas.org/nasl.php?oid=70701", "type": "openvas", "title": "Debian Security Advisory DSA 2382-1 (ecryptfs-utils)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2382_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2382-1 (ecryptfs-utils)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several problems have been discovered in ecryptfs-utils, a cryptographic\nfilesystem for Linux.\n\nCVE-2011-1831\n\nVasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\nincorrectly validated permissions on the requested mountpoint. A local\nattacker could use this flaw to mount to arbitrary locations, leading\nto privilege escalation.\n\nCVE-2011-1832\n\nVasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\nincorrectly validated permissions on the requested mountpoint. A local\nattacker could use this flaw to unmount to arbitrary locations, leading\nto a denial of service.\n\nCVE-2011-1834\n\nDan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly\nhandled modifications to the mtab file when an error occurs. A local\nattacker could use this flaw to corrupt the mtab file, and possibly\nunmount arbitrary locations, leading to a denial of service.\n\nCVE-2011-1835\n\nMarc Deslauriers discovered that eCryptfs incorrectly handled keys when\nsetting up an encrypted private directory. A local attacker could use\nthis flaw to manipulate keys during creation of a new user.\n\nCVE-2011-1837\n\nVasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled\nlock counters. A local attacker could use this flaw to possibly overwrite\narbitrary files.\n\nWe acknowledge the work of the Ubuntu distribution in preparing patches\nsuitable for near-direct inclusion in the Debian package.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 68-1+lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 83-4+squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 95-1.\n\nWe recommend that you upgrade your ecryptfs-utils packages.\";\ntag_summary = \"The remote host is missing an update to ecryptfs-utils\nannounced via advisory DSA 2382-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202382-1\";\n\nif(description)\n{\n script_id(70701);\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\",\n \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:26:49 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2382-1 (ecryptfs-utils)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"68-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"68-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"68-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-4+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils-dbg\", ver:\"83-4+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"83-4+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"83-4+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"95-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils-dbg\", ver:\"95-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"95-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"95-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-ecryptfs\", ver:\"95-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1831"], "description": "Oracle Linux Local Security Checks ELSA-2011-1241", "modified": "2019-05-01T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122096", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122096\");\n script_version(\"2019-05-01T16:02:02+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2019-05-01 16:02:02 +0000 (Wed, 01 May 2019)\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1241\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1241 - ecryptfs-utils security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1241\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1241.html\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~75~5.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~75~5.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-gui\", rpm:\"ecryptfs-utils-gui~75~5.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~82~6.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~82~6.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-python\", rpm:\"ecryptfs-utils-python~82~6.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1831"], "description": "The remote host is missing an update to ecryptfs-utils\nannounced via advisory DSA 2382-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070701", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070701", "type": "openvas", "title": "Debian Security Advisory DSA 2382-1 (ecryptfs-utils)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2382_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2382-1 (ecryptfs-utils)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70701\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\",\n \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:26:49 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2382-1 (ecryptfs-utils)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202382-1\");\n script_tag(name:\"insight\", value:\"Several problems have been discovered in ecryptfs-utils, a cryptographic\nfilesystem for Linux.\n\nCVE-2011-1831\n\nVasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\nincorrectly validated permissions on the requested mountpoint. A local\nattacker could use this flaw to mount to arbitrary locations, leading\nto privilege escalation.\n\nCVE-2011-1832\n\nVasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\nincorrectly validated permissions on the requested mountpoint. A local\nattacker could use this flaw to unmount to arbitrary locations, leading\nto a denial of service.\n\nCVE-2011-1834\n\nDan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly\nhandled modifications to the mtab file when an error occurs. A local\nattacker could use this flaw to corrupt the mtab file, and possibly\nunmount arbitrary locations, leading to a denial of service.\n\nCVE-2011-1835\n\nMarc Deslauriers discovered that eCryptfs incorrectly handled keys when\nsetting up an encrypted private directory. A local attacker could use\nthis flaw to manipulate keys during creation of a new user.\n\nCVE-2011-1837\n\nVasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled\nlock counters. A local attacker could use this flaw to possibly overwrite\narbitrary files.\n\nWe acknowledge the work of the Ubuntu distribution in preparing patches\nsuitable for near-direct inclusion in the Debian package.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 68-1+lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 83-4+squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 95-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your ecryptfs-utils packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to ecryptfs-utils\nannounced via advisory DSA 2382-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"68-1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"68-1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"68-1+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"83-4+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils-dbg\", ver:\"83-4+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"83-4+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"83-4+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils\", ver:\"95-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ecryptfs-utils-dbg\", ver:\"95-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs-dev\", ver:\"95-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecryptfs0\", ver:\"95-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-ecryptfs\", ver:\"95-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "The remote host is missing an update for the ", "modified": "2019-05-01T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310880998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880998", "type": "openvas", "title": "CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017811.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880998\");\n script_version(\"2019-05-01T16:02:02+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-01 16:02:02 +0000 (Wed, 01 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_xref(name:\"CESA\", value:\"2011:1241\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\",\n \"CVE-2011-1837\", \"CVE-2011-3145\", \"CVE-2011-1833\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ecryptfs-utils'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"ecryptfs-utils-75-5.el5_ on CentOS 5\");\n script_tag(name:\"insight\", value:\"eCryptfs is a stacked, cryptographic file system. It is transparent to the\n underlying file system and provides per-file granularity. eCryptfs is\n released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\n The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\n file system. This utility can only be run by users in the 'ecryptfs' group.\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of a requested mount point when mounting an encrypted file\n system. A local attacker could possibly use this flaw to escalate their\n privileges by mounting over an arbitrary directory. (CVE-2011-1831)\n\n A race condition flaw in umount.ecryptfs_private could allow a local\n attacker to unmount an arbitrary file system. (CVE-2011-1832)\n\n It was found that mount.ecryptfs_private did not handle certain errors\n correctly when updating the mtab (mounted file systems table) file,\n allowing a local attacker to corrupt the mtab file and possibly unmount an\n arbitrary file system. (CVE-2011-1834)\n\n An insecure temporary file use flaw was found in the ecryptfs-setup-private\n script. A local attacker could use this script to insert their own key that\n will subsequently be used by a new user, possibly giving the attacker\n access to the user's encrypted data if existing file permissions allow\n access. (CVE-2011-1835)\n\n A race condition flaw in mount.ecryptfs_private could allow a local\n attacker to overwrite arbitrary files. (CVE-2011-1837)\n\n A race condition flaw in the way temporary files were accessed in\n mount.ecryptfs_private could allow a malicious, local user to make\n arbitrary modifications to the mtab file. (CVE-2011-3145)\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of the directory to mount. A local attacker could use this\n flaw to mount (and then access) a directory they would otherwise not have\n access to. Note: The fix for this issue is incomplete until a kernel-space\n change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\n will correct this issue. (CVE-2011-1833)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting these\n issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\n and Dan Rosenberg as the original reporters of CVE-2011-1831,\n CVE-2011-1832, and CVE-2011-1833, Dan Rosenberg and Marc Deslauriers as the\n original reporters of CVE-2011-1834, Marc Deslauriers as the original\n reporter of CVE-2011-1835, and Vasiliy Kulikov of Openwall as the original\n reporter of CVE-2011-1837.\n\n Users of ecryptfs-utils are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-gui\", rpm:\"ecryptfs-utils-gui~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "Check for the Version of ecryptfs-utils", "modified": "2017-07-10T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:880998", "href": "http://plugins.openvas.org/nasl.php?oid=880998", "type": "openvas", "title": "CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"eCryptfs is a stacked, cryptographic file system. It is transparent to the\n underlying file system and provides per-file granularity. eCryptfs is\n released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\n The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\n file system. This utility can only be run by users in the "ecryptfs" group.\n \n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of a requested mount point when mounting an encrypted file\n system. A local attacker could possibly use this flaw to escalate their\n privileges by mounting over an arbitrary directory. (CVE-2011-1831)\n \n A race condition flaw in umount.ecryptfs_private could allow a local\n attacker to unmount an arbitrary file system. (CVE-2011-1832)\n \n It was found that mount.ecryptfs_private did not handle certain errors\n correctly when updating the mtab (mounted file systems table) file,\n allowing a local attacker to corrupt the mtab file and possibly unmount an\n arbitrary file system. (CVE-2011-1834)\n \n An insecure temporary file use flaw was found in the ecryptfs-setup-private\n script. A local attacker could use this script to insert their own key that\n will subsequently be used by a new user, possibly giving the attacker\n access to the user's encrypted data if existing file permissions allow\n access. (CVE-2011-1835)\n \n A race condition flaw in mount.ecryptfs_private could allow a local\n attacker to overwrite arbitrary files. (CVE-2011-1837)\n \n A race condition flaw in the way temporary files were accessed in\n mount.ecryptfs_private could allow a malicious, local user to make\n arbitrary modifications to the mtab file. (CVE-2011-3145)\n \n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of the directory to mount. A local attacker could use this\n flaw to mount (and then access) a directory they would otherwise not have\n access to. Note: The fix for this issue is incomplete until a kernel-space\n change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\n will correct this issue. (CVE-2011-1833)\n \n Red Hat would like to thank the Ubuntu Security Team for reporting these\n issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\n and Dan Rosenberg as the original reporters of CVE-2011-1831,\n CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the\n original reporters of CVE-2011-1834; Marc Deslauriers as the original\n reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original\n reporter of CVE-2011-1837.\n \n Users of ecryptfs-utils are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"ecryptfs-utils-75-5.el5_ on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017811.html\");\n script_id(880998);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_xref(name: \"CESA\", value: \"2011:1241\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\",\n \"CVE-2011-1837\", \"CVE-2011-3145\", \"CVE-2011-1833\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386\");\n\n script_summary(\"Check for the Version of ecryptfs-utils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-gui\", rpm:\"ecryptfs-utils-gui~75-5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-14T19:04:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:1361412562310870476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870476", "type": "openvas", "title": "RedHat Update for ecryptfs-utils RHSA-2011:1241-01", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870476\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1241-01\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\", \"CVE-2011-1833\");\n script_name(\"RedHat Update for ecryptfs-utils RHSA-2011:1241-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ecryptfs-utils'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"ecryptfs-utils on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"eCryptfs is a stacked, cryptographic file system. It is transparent to the\n underlying file system and provides per-file granularity. eCryptfs is\n released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\n The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\n file system. This utility can only be run by users in the 'ecryptfs' group.\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of a requested mount point when mounting an encrypted file\n system. A local attacker could possibly use this flaw to escalate their\n privileges by mounting over an arbitrary directory. (CVE-2011-1831)\n\n A race condition flaw in umount.ecryptfs_private could allow a local\n attacker to unmount an arbitrary file system. (CVE-2011-1832)\n\n It was found that mount.ecryptfs_private did not handle certain errors\n correctly when updating the mtab (mounted file systems table) file,\n allowing a local attacker to corrupt the mtab file and possibly unmount an\n arbitrary file system. (CVE-2011-1834)\n\n An insecure temporary file use flaw was found in the ecryptfs-setup-private\n script. A local attacker could use this script to insert their own key that\n will subsequently be used by a new user, possibly giving the attacker\n access to the user's encrypted data if existing file permissions allow\n access. (CVE-2011-1835)\n\n A race condition flaw in mount.ecryptfs_private could allow a local\n attacker to overwrite arbitrary files. (CVE-2011-1837)\n\n A race condition flaw in the way temporary files were accessed in\n mount.ecryptfs_private could allow a malicious, local user to make\n arbitrary modifications to the mtab file. (CVE-2011-3145)\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of the directory to mount. A local attacker could use this\n flaw to mount (and then access) a directory they would otherwise not have\n access to. Note: The fix for this issue is incomplete until a kernel-space\n change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\n will correct this issue. (CVE-2011-1833)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting these\n issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\n and Dan Rosenberg as the original reporters of CVE-2011-1831,\n CVE-2011-1832, and CVE-2011-1833, Dan Rosenberg and Marc Deslauriers as the\n original reporters of CVE-2011-1834, Marc Deslauriers as the original\n reporter of CVE-2011-1835, and Vasiliy Kulikov of Openwall as the original\n reporter of CVE-2011-1837.\n\n Users of ecryptfs-utils are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"RHENT_5\") {\n if(!isnull(res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~75~5.el5_7.2\", rls:\"RHENT_5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ecryptfs-utils-debuginfo\", rpm:\"ecryptfs-utils-debuginfo~75~5.el5_7.2\", rls:\"RHENT_5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~75~5.el5_7.2\", rls:\"RHENT_5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ecryptfs-utils-gui\", rpm:\"ecryptfs-utils-gui~75~5.el5_7.2\", rls:\"RHENT_5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "The remote host is missing an update for the ", "modified": "2019-05-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881245", "type": "openvas", "title": "CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017812.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881245\");\n script_version(\"2019-05-01T16:02:02+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-01 16:02:02 +0000 (Wed, 01 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\",\n \"CVE-2011-1837\", \"CVE-2011-3145\", \"CVE-2011-1833\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1241\");\n script_name(\"CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ecryptfs-utils-75-5.el5_'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"ecryptfs-utils-75-5.el5_ on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"eCryptfs is a stacked, cryptographic file system. It is transparent to the\n underlying file system and provides per-file granularity. eCryptfs is\n released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\n The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\n file system. This utility can only be run by users in the 'ecryptfs' group.\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of a requested mount point when mounting an encrypted file\n system. A local attacker could possibly use this flaw to escalate their\n privileges by mounting over an arbitrary directory. (CVE-2011-1831)\n\n A race condition flaw in umount.ecryptfs_private could allow a local\n attacker to unmount an arbitrary file system. (CVE-2011-1832)\n\n It was found that mount.ecryptfs_private did not handle certain errors\n correctly when updating the mtab (mounted file systems table) file,\n allowing a local attacker to corrupt the mtab file and possibly unmount an\n arbitrary file system. (CVE-2011-1834)\n\n An insecure temporary file use flaw was found in the ecryptfs-setup-private\n script. A local attacker could use this script to insert their own key that\n will subsequently be used by a new user, possibly giving the attacker\n access to the user's encrypted data if existing file permissions allow\n access. (CVE-2011-1835)\n\n A race condition flaw in mount.ecryptfs_private could allow a local\n attacker to overwrite arbitrary files. (CVE-2011-1837)\n\n A race condition flaw in the way temporary files were accessed in\n mount.ecryptfs_private could allow a malicious, local user to make\n arbitrary modifications to the mtab file. (CVE-2011-3145)\n\n A race condition flaw was found in the way mount.ecryptfs_private checked\n the permissions of the directory to mount. A local attacker could use this\n flaw to mount (and then access) a directory they would otherwise not have\n access to. Note: The fix for this issue is incomplete until a kernel-space\n change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\n will correct this issue. (CVE-2011-1833)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting these\n issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\n and Dan Rosenberg as the original reporters of CVE-2011-1831,\n CVE-2011-1832, and CVE-2011-1833, Dan Rosenberg and Marc Deslauriers as the\n original reporters of CVE-2011-1834, Marc Deslauriers as the original\n reporter of CVE-2011-1835, and Vasiliy Kulikov of Openwall as the original\n reporter of CVE-2011-1837.\n\n Users of ecryptfs-utils are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils\", rpm:\"ecryptfs-utils~75~5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-devel\", rpm:\"ecryptfs-utils-devel~75~5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ecryptfs-utils-gui\", rpm:\"ecryptfs-utils-gui~75~5.el5~7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:09:09", "description": " - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-10-03T00:00:00", "title": "Fedora 16 : ecryptfs-utils-90-2.fc16 (2011-11871)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2011-10-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:ecryptfs-utils"], "id": "FEDORA_2011-11871.NASL", "href": "https://www.tenable.com/plugins/nessus/56349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11871.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56349);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3145\");\n script_bugtraq_id(49287);\n script_xref(name:\"FEDORA\", value:\"2011-11871\");\n\n script_name(english:\"Fedora 16 : ecryptfs-utils-90-2.fc16 (2011-11871)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732607\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066577.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2a8743d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"ecryptfs-utils-90-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:09", "description": " - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-09-15T00:00:00", "title": "Fedora 15 : ecryptfs-utils-90-2.fc15 (2011-11936)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2011-09-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:ecryptfs-utils"], "id": "FEDORA_2011-11936.NASL", "href": "https://www.tenable.com/plugins/nessus/56200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11936.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56200);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3145\");\n script_bugtraq_id(49287);\n script_xref(name:\"FEDORA\", value:\"2011-11936\");\n\n script_name(english:\"Fedora 15 : ecryptfs-utils-90-2.fc15 (2011-11936)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732607\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065965.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cb84409\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"ecryptfs-utils-90-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:09", "description": " - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-09-15T00:00:00", "title": "Fedora 14 : ecryptfs-utils-90-2.fc14 (2011-11979)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2011-09-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:ecryptfs-utils"], "id": "FEDORA_2011-11979.NASL", "href": "https://www.tenable.com/plugins/nessus/56201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11979.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56201);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3145\");\n script_bugtraq_id(49287);\n script_xref(name:\"FEDORA\", value:\"2011-11979\");\n\n script_name(english:\"Fedora 14 : ecryptfs-utils-90-2.fc14 (2011-11979)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix incorrect mtab group ownership\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732607\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8626fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"ecryptfs-utils-90-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:07:10", "description": "mount.ecrpytfs_private did not set correct group ownerships when it\nmodifies mtab (CVE-2011-3145).", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ecryptfs-utils", "p-cpe:/a:novell:opensuse:ecryptfs-utils-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_ECRYPTFS-UTILS-111214.NASL", "href": "https://www.tenable.com/plugins/nessus/75474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ecryptfs-utils-5541.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75474);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3145\");\n\n script_name(english:\"openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)\");\n script_summary(english:\"Check for the ecryptfs-utils-5541 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mount.ecrpytfs_private did not set correct group ownerships when it\nmodifies mtab (CVE-2011-3145).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"ecryptfs-utils-83-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"ecryptfs-utils-32bit-83-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:08:35", "description": "mount.ecrpytfs_private did not set correct group ownerships when it\nmodifies mtab (CVE-2011-3145).", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ecryptfs-utils", "p-cpe:/a:novell:opensuse:ecryptfs-utils-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:ecryptfs-utils-debuginfo", "p-cpe:/a:novell:opensuse:ecryptfs-utils-32bit", "p-cpe:/a:novell:opensuse:ecryptfs-utils-debugsource"], "id": "SUSE_11_4_ECRYPTFS-UTILS-111214.NASL", "href": "https://www.tenable.com/plugins/nessus/75822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ecryptfs-utils-5541.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75822);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3145\");\n\n script_name(english:\"openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)\");\n script_summary(english:\"Check for the ecryptfs-utils-5541 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mount.ecrpytfs_private did not set correct group ownerships when it\nmodifies mtab (CVE-2011-3145).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ecryptfs-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ecryptfs-utils-83-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ecryptfs-utils-debuginfo-83-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ecryptfs-utils-debugsource-83-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"ecryptfs-utils-32bit-83-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"ecryptfs-utils-debuginfo-32bit-83-6.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:37:45", "description": "ecryptfs-utils was updated to fix a security issue and some bugs.\n\nSecurity issue fixed: mount.ecryptfs_private did not set correct group\nownerships when it modifies mtab. (CVE-2011-3145)\n\nAlso some bugs that made this set of tools non-working were fixed.\n\nYou need to manually hand setuid root permissions to\n/sbin/mount.ecryptfs_private if you want to use it as a non-root user.", "edition": 15, "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : ecryptfs-utils (SAT Patch Number 6187)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:ecryptfs-utils-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:ecryptfs-utils"], "id": "SUSE_11_ECRYPTFS-UTILS-120420.NASL", "href": "https://www.tenable.com/plugins/nessus/64126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64126);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3145\");\n\n script_name(english:\"SuSE 11.1 Security Update : ecryptfs-utils (SAT Patch Number 6187)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ecryptfs-utils was updated to fix a security issue and some bugs.\n\nSecurity issue fixed: mount.ecryptfs_private did not set correct group\nownerships when it modifies mtab. (CVE-2011-3145)\n\nAlso some bugs that made this set of tools non-working were fixed.\n\nYou need to manually hand setuid root permissions to\n/sbin/mount.ecryptfs_private if you want to use it as a non-root user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3145.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6187.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ecryptfs-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ecryptfs-utils-61-1.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ecryptfs-utils-61-1.33.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ecryptfs-utils-32bit-61-1.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ecryptfs-utils-61-1.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"ecryptfs-utils-32bit-61-1.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ecryptfs-utils-32bit-61-1.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:13:14", "description": "It was discovered that eCryptfs incorrectly handled permissions when\nmodifying the mtab file. A local attacker could use this flaw to\nmanipulate the mtab file, and possibly unmount arbitrary locations,\nleading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-08-24T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : ecryptfs-utils vulnerability (USN-1196-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3145"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ecryptfs-utils", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1196-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1196-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55968);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3145\");\n script_bugtraq_id(49287);\n script_xref(name:\"USN\", value:\"1196-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : ecryptfs-utils vulnerability (USN-1196-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that eCryptfs incorrectly handled permissions when\nmodifying the mtab file. A local attacker could use this flaw to\nmanipulate the mtab file, and possibly unmount arbitrary locations,\nleading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1196-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"ecryptfs-utils\", pkgver:\"83-0ubuntu3.2.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"ecryptfs-utils\", pkgver:\"83-0ubuntu3.2.10.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"ecryptfs-utils\", pkgver:\"87-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:12", "description": "Several problems have been discovered in eCryptfs, a cryptographic\nfilesystem for Linux.\n\n - CVE-2011-1831\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered\n that eCryptfs incorrectly validated permissions on the\n requested mountpoint. A local attacker could use this\n flaw to mount to arbitrary locations, leading to\n privilege escalation.\n\n - CVE-2011-1832\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered\n that eCryptfs incorrectly validated permissions on the\n requested mountpoint. A local attacker could use this\n flaw to unmount to arbitrary locations, leading to a\n denial of service.\n\n - CVE-2011-1834\n Dan Rosenberg and Marc Deslauriers discovered that\n eCryptfs incorrectly handled modifications to the mtab\n file when an error occurs. A local attacker could use\n this flaw to corrupt the mtab file, and possibly unmount\n arbitrary locations, leading to a denial of service.\n\n - CVE-2011-1835\n Marc Deslauriers discovered that eCryptfs incorrectly\n handled keys when setting up an encrypted private\n directory. A local attacker could use this flaw to\n manipulate keys during creation of a new user.\n\n - CVE-2011-1837\n Vasiliy Kulikov of Openwall discovered that eCryptfs\n incorrectly handled lock counters. A local attacker\n could use this flaw to possibly overwrite arbitrary\n files.\n\nWe acknowledge the work of the Ubuntu distribution in preparing\npatches suitable for near-direct inclusion in the Debian package.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-01-12T00:00:00", "title": "Debian DSA-2382-1 : ecryptfs-utils - multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1831"], "modified": "2012-01-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:ecryptfs-utils"], "id": "DEBIAN_DSA-2382.NASL", "href": "https://www.tenable.com/plugins/nessus/57522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2382. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57522);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1834\", \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_bugtraq_id(49108, 49287);\n script_xref(name:\"DSA\", value:\"2382\");\n\n script_name(english:\"Debian DSA-2382-1 : ecryptfs-utils - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several problems have been discovered in eCryptfs, a cryptographic\nfilesystem for Linux.\n\n - CVE-2011-1831\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered\n that eCryptfs incorrectly validated permissions on the\n requested mountpoint. A local attacker could use this\n flaw to mount to arbitrary locations, leading to\n privilege escalation.\n\n - CVE-2011-1832\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered\n that eCryptfs incorrectly validated permissions on the\n requested mountpoint. A local attacker could use this\n flaw to unmount to arbitrary locations, leading to a\n denial of service.\n\n - CVE-2011-1834\n Dan Rosenberg and Marc Deslauriers discovered that\n eCryptfs incorrectly handled modifications to the mtab\n file when an error occurs. A local attacker could use\n this flaw to corrupt the mtab file, and possibly unmount\n arbitrary locations, leading to a denial of service.\n\n - CVE-2011-1835\n Marc Deslauriers discovered that eCryptfs incorrectly\n handled keys when setting up an encrypted private\n directory. A local attacker could use this flaw to\n manipulate keys during creation of a new user.\n\n - CVE-2011-1837\n Vasiliy Kulikov of Openwall discovered that eCryptfs\n incorrectly handled lock counters. A local attacker\n could use this flaw to possibly overwrite arbitrary\n files.\n\nWe acknowledge the work of the Ubuntu distribution in preparing\npatches suitable for near-direct inclusion in the Debian package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/ecryptfs-utils\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2382\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ecryptfs-utils packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 68-1+lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 83-4+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"ecryptfs-utils\", reference:\"68-1+lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ecryptfs-utils\", reference:\"83-4+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ecryptfs-utils-dbg\", reference:\"83-4+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecryptfs-dev\", reference:\"83-4+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecryptfs0\", reference:\"83-4+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:45", "description": "Updated ecryptfs-utils packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\neCryptfs is a stacked, cryptographic file system. It is transparent to\nthe underlying file system and provides per-file granularity. eCryptfs\nis released as a Technology Preview for Red Hat Enterprise Linux 5 and\n6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an\neCryptfs file system. This utility can only be run by users in the\n'ecryptfs' group.\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of a requested mount point when mounting an\nencrypted file system. A local attacker could possibly use this flaw\nto escalate their privileges by mounting over an arbitrary directory.\n(CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly\nunmount an arbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the\necryptfs-setup-private script. A local attacker could use this script\nto insert their own key that will subsequently be used by a new user,\npossibly giving the attacker access to the user's encrypted data if\nexisting file permissions allow access. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of the directory to mount. A local attacker\ncould use this flaw to mount (and then access) a directory they would\notherwise not have access to. Note: The fix for this issue is\nincomplete until a kernel-space change is made. Future Red Hat\nEnterprise Linux 5 and 6 kernel updates will correct this issue.\n(CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nthese issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of\nOpenwall and Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers\nas the original reporters of CVE-2011-1834; Marc Deslauriers as the\noriginal reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as\nthe original reporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-09-01T00:00:00", "title": "RHEL 5 / 6 : ecryptfs-utils (RHSA-2011:1241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "modified": "2011-09-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-python", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-devel", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-gui"], "id": "REDHAT-RHSA-2011-1241.NASL", "href": "https://www.tenable.com/plugins/nessus/56028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1241. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56028);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1833\", \"CVE-2011-1834\", \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_bugtraq_id(49108, 49287);\n script_xref(name:\"RHSA\", value:\"2011:1241\");\n\n script_name(english:\"RHEL 5 / 6 : ecryptfs-utils (RHSA-2011:1241)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ecryptfs-utils packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\neCryptfs is a stacked, cryptographic file system. It is transparent to\nthe underlying file system and provides per-file granularity. eCryptfs\nis released as a Technology Preview for Red Hat Enterprise Linux 5 and\n6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an\neCryptfs file system. This utility can only be run by users in the\n'ecryptfs' group.\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of a requested mount point when mounting an\nencrypted file system. A local attacker could possibly use this flaw\nto escalate their privileges by mounting over an arbitrary directory.\n(CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly\nunmount an arbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the\necryptfs-setup-private script. A local attacker could use this script\nto insert their own key that will subsequently be used by a new user,\npossibly giving the attacker access to the user's encrypted data if\nexisting file permissions allow access. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of the directory to mount. A local attacker\ncould use this flaw to mount (and then access) a directory they would\notherwise not have access to. Note: The fix for this issue is\nincomplete until a kernel-space change is made. Future Red Hat\nEnterprise Linux 5 and 6 kernel updates will correct this issue.\n(CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nthese issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of\nOpenwall and Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers\nas the original reporters of CVE-2011-1834; Marc Deslauriers as the\noriginal reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as\nthe original reporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/support/offerings/techpreview/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1241\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecryptfs-utils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1241\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"ecryptfs-utils-75-5.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"ecryptfs-utils-devel-75-5.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ecryptfs-utils-gui-75-5.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ecryptfs-utils-gui-75-5.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ecryptfs-utils-gui-75-5.el5_7.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"ecryptfs-utils-82-6.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ecryptfs-utils-debuginfo-82-6.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ecryptfs-utils-devel-82-6.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ecryptfs-utils-python-82-6.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ecryptfs-utils-python-82-6.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ecryptfs-utils-python-82-6.el6_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils / ecryptfs-utils-debuginfo / ecryptfs-utils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:14", "description": "From Red Hat Security Advisory 2011:1241 :\n\nUpdated ecryptfs-utils packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\neCryptfs is a stacked, cryptographic file system. It is transparent to\nthe underlying file system and provides per-file granularity. eCryptfs\nis released as a Technology Preview for Red Hat Enterprise Linux 5 and\n6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an\neCryptfs file system. This utility can only be run by users in the\n'ecryptfs' group.\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of a requested mount point when mounting an\nencrypted file system. A local attacker could possibly use this flaw\nto escalate their privileges by mounting over an arbitrary directory.\n(CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly\nunmount an arbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the\necryptfs-setup-private script. A local attacker could use this script\nto insert their own key that will subsequently be used by a new user,\npossibly giving the attacker access to the user's encrypted data if\nexisting file permissions allow access. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of the directory to mount. A local attacker\ncould use this flaw to mount (and then access) a directory they would\notherwise not have access to. Note: The fix for this issue is\nincomplete until a kernel-space change is made. Future Red Hat\nEnterprise Linux 5 and 6 kernel updates will correct this issue.\n(CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nthese issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of\nOpenwall and Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers\nas the original reporters of CVE-2011-1834; Marc Deslauriers as the\noriginal reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as\nthe original reporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : ecryptfs-utils (ELSA-2011-1241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ecryptfs-utils-python", "p-cpe:/a:oracle:linux:ecryptfs-utils-gui", "p-cpe:/a:oracle:linux:ecryptfs-utils-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:ecryptfs-utils"], "id": "ORACLELINUX_ELSA-2011-1241.NASL", "href": "https://www.tenable.com/plugins/nessus/68338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1241 and \n# Oracle Linux Security Advisory ELSA-2011-1241 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68338);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1831\", \"CVE-2011-1832\", \"CVE-2011-1833\", \"CVE-2011-1834\", \"CVE-2011-1835\", \"CVE-2011-1837\", \"CVE-2011-3145\");\n script_bugtraq_id(49108, 49287);\n script_xref(name:\"RHSA\", value:\"2011:1241\");\n\n script_name(english:\"Oracle Linux 5 / 6 : ecryptfs-utils (ELSA-2011-1241)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1241 :\n\nUpdated ecryptfs-utils packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\neCryptfs is a stacked, cryptographic file system. It is transparent to\nthe underlying file system and provides per-file granularity. eCryptfs\nis released as a Technology Preview for Red Hat Enterprise Linux 5 and\n6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an\neCryptfs file system. This utility can only be run by users in the\n'ecryptfs' group.\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of a requested mount point when mounting an\nencrypted file system. A local attacker could possibly use this flaw\nto escalate their privileges by mounting over an arbitrary directory.\n(CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly\nunmount an arbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the\necryptfs-setup-private script. A local attacker could use this script\nto insert their own key that will subsequently be used by a new user,\npossibly giving the attacker access to the user's encrypted data if\nexisting file permissions allow access. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private\nchecked the permissions of the directory to mount. A local attacker\ncould use this flaw to mount (and then access) a directory they would\notherwise not have access to. Note: The fix for this issue is\nincomplete until a kernel-space change is made. Future Red Hat\nEnterprise Linux 5 and 6 kernel updates will correct this issue.\n(CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nthese issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of\nOpenwall and Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers\nas the original reporters of CVE-2011-1834; Marc Deslauriers as the\noriginal reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as\nthe original reporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002321.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002325.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ecryptfs-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ecryptfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ecryptfs-utils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ecryptfs-utils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ecryptfs-utils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"ecryptfs-utils-75-5.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ecryptfs-utils-devel-75-5.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ecryptfs-utils-gui-75-5.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"ecryptfs-utils-82-6.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ecryptfs-utils-devel-82-6.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ecryptfs-utils-python-82-6.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ecryptfs-utils / ecryptfs-utils-devel / ecryptfs-utils-gui / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-3145"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1196-1\r\nAugust 23, 2011\r\n\r\necryptfs-utils vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nAn attacker could use eCryptfs to unmount arbitrary locations and cause a\r\ndenial of service.\r\n\r\nSoftware Description:\r\n- ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)\r\n\r\nDetails:\r\n\r\nIt was discovered that eCryptfs incorrectly handled permissions when\r\nmodifying the mtab file. A local attacker could use this flaw to manipulate\r\nthe mtab file, and possibly unmount arbitrary locations, leading to a\r\ndenial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n ecryptfs-utils 87-0ubuntu1.2\r\n\r\nUbuntu 10.10:\r\n ecryptfs-utils 83-0ubuntu3.2.10.10.2\r\n\r\nUbuntu 10.04 LTS:\r\n ecryptfs-utils 83-0ubuntu3.2.10.04.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1196-1\r\n CVE-2011-3145\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.2\r\n https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.2\r\n", "edition": 1, "modified": "2011-08-24T00:00:00", "published": "2011-08-24T00:00:00", "id": "SECURITYVULNS:DOC:26893", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26893", "title": "[USN-1196-1] eCryptfs vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1836", "CVE-2011-1831"], "description": "Privilege escalation, information leakage.", "edition": 1, "modified": "2011-08-24T00:00:00", "published": "2011-08-24T00:00:00", "id": "SECURITYVULNS:VULN:11848", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11848", "title": "eCryptfs multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3145"], "description": "eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs. ", "modified": "2011-09-30T18:54:56", "published": "2011-09-30T18:54:56", "id": "FEDORA:242992085A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: ecryptfs-utils-90-2.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1831", "CVE-2011-1833", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1836", "CVE-2011-1837", "CVE-2011-3145"], "description": "eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs. ", "modified": "2011-09-14T22:31:26", "published": "2011-09-14T22:31:26", "id": "FEDORA:C6B22C19F7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: ecryptfs-utils-90-2.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1831", "CVE-2011-1833", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1836", "CVE-2011-1837", "CVE-2011-3145"], "description": "eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs. ", "modified": "2011-09-14T22:33:52", "published": "2011-09-14T22:33:52", "id": "FEDORA:345FEC1A79", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: ecryptfs-utils-90-2.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:27:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1831"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2382-1 security@debian.org\nhttp://www.debian.org/security/ Jonathan Wiltshire\nJanuary 07, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ecryptfs-utils\nVulnerability : multiple\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 \n CVE-2011-1837 CVE-2011-3145 \n\nSeveral problems have been discovered in ecryptfs-utils, a cryptographic\nfilesystem for Linux.\n\nCVE-2011-1831\n\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\n incorrectly validated permissions on the requested mountpoint. A local\n attacker could use this flaw to mount to arbitrary locations, leading\n to privilege escalation.\n\nCVE-2011-1832\n\n Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\n incorrectly validated permissions on the requested mountpoint. A local\n attacker could use this flaw to unmount to arbitrary locations, leading\n to a denial of service.\n\nCVE-2011-1834\n\n Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly\n handled modifications to the mtab file when an error occurs. A local\n attacker could use this flaw to corrupt the mtab file, and possibly\n unmount arbitrary locations, leading to a denial of service.\n\nCVE-2011-1835\n\n Marc Deslauriers discovered that eCryptfs incorrectly handled keys when\n setting up an encrypted private directory. A local attacker could use\n this flaw to manipulate keys during creation of a new user.\n\nCVE-2011-1837\n\n Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled\n lock counters. A local attacker could use this flaw to possibly overwrite\n arbitrary files.\n\nWe acknowledge the work of the Ubuntu distribution in preparing patches\nsuitable for near-direct inclusion in the Debian package.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 68-1+lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 83-4+squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 95-1.\n\nWe recommend that you upgrade your ecryptfs-utils packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2012-01-07T18:49:31", "published": "2012-01-07T18:49:31", "id": "DEBIAN:DSA-2382-1:5A69C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00005.html", "title": "[SECURITY] [DSA 2382-1] ecryptfs-utils security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-10-30T13:20:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1241\n\n\neCryptfs is a stacked, cryptographic file system. It is transparent to the\nunderlying file system and provides per-file granularity. eCryptfs is\nreleased as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\nfile system. This utility can only be run by users in the \"ecryptfs\" group.\n\nA race condition flaw was found in the way mount.ecryptfs_private checked\nthe permissions of a requested mount point when mounting an encrypted file\nsystem. A local attacker could possibly use this flaw to escalate their\nprivileges by mounting over an arbitrary directory. (CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly unmount an\narbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the ecryptfs-setup-private\nscript. A local attacker could use this script to insert their own key that\nwill subsequently be used by a new user, possibly giving the attacker\naccess to the user's encrypted data if existing file permissions allow\naccess. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private checked\nthe permissions of the directory to mount. A local attacker could use this\nflaw to mount (and then access) a directory they would otherwise not have\naccess to. Note: The fix for this issue is incomplete until a kernel-space\nchange is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\nwill correct this issue. (CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting these\nissues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\nand Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the\noriginal reporters of CVE-2011-1834; Marc Deslauriers as the original\nreporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original\nreporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029849.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029850.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006240.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006241.html\n\n**Affected packages:**\necryptfs-utils\necryptfs-utils-devel\necryptfs-utils-gui\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1241.html", "edition": 90, "modified": "2011-09-22T10:00:30", "published": "2011-09-01T16:11:04", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/006240.html", "id": "CESA-2011:1241", "title": "ecryptfs security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1835", "CVE-2011-1832", "CVE-2011-1837", "CVE-2011-3145", "CVE-2011-1834", "CVE-2011-1833", "CVE-2011-1831"], "description": "[82-6.3]\n- do not forget to set the group id in mount.ecryptfs_private\n[82-6.2]\n- fix regression in ecryptfs-setup-private\n[82-6.1]\n- security fixes:\n- privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832)\n- race condition when checking source during mount (CVE-2011-1833)\n- mtab corruption via improper handling (CVE-2011-1834)\n- key poisoning via insecure temp directory handling (CVE-2011-1835)\n- arbitrary file overwrite via lock counter race (CVE-2011-1837)", "edition": 5, "modified": "2011-08-31T00:00:00", "published": "2011-08-31T00:00:00", "id": "ELSA-2011-1241", "href": "http://linux.oracle.com/errata/ELSA-2011-1241.html", "title": "ecryptfs-utils security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1831", "CVE-2011-1832", "CVE-2011-1833", "CVE-2011-1834", "CVE-2011-1835", "CVE-2011-1837", "CVE-2011-3145"], "description": "eCryptfs is a stacked, cryptographic file system. It is transparent to the\nunderlying file system and provides per-file granularity. eCryptfs is\nreleased as a Technology Preview for Red Hat Enterprise Linux 5 and 6.\n\nThe setuid mount.ecryptfs_private utility allows users to mount an eCryptfs\nfile system. This utility can only be run by users in the \"ecryptfs\" group.\n\nA race condition flaw was found in the way mount.ecryptfs_private checked\nthe permissions of a requested mount point when mounting an encrypted file\nsystem. A local attacker could possibly use this flaw to escalate their\nprivileges by mounting over an arbitrary directory. (CVE-2011-1831)\n\nA race condition flaw in umount.ecryptfs_private could allow a local\nattacker to unmount an arbitrary file system. (CVE-2011-1832)\n\nIt was found that mount.ecryptfs_private did not handle certain errors\ncorrectly when updating the mtab (mounted file systems table) file,\nallowing a local attacker to corrupt the mtab file and possibly unmount an\narbitrary file system. (CVE-2011-1834)\n\nAn insecure temporary file use flaw was found in the ecryptfs-setup-private\nscript. A local attacker could use this script to insert their own key that\nwill subsequently be used by a new user, possibly giving the attacker\naccess to the user's encrypted data if existing file permissions allow\naccess. (CVE-2011-1835)\n\nA race condition flaw in mount.ecryptfs_private could allow a local\nattacker to overwrite arbitrary files. (CVE-2011-1837)\n\nA race condition flaw in the way temporary files were accessed in\nmount.ecryptfs_private could allow a malicious, local user to make\narbitrary modifications to the mtab file. (CVE-2011-3145)\n\nA race condition flaw was found in the way mount.ecryptfs_private checked\nthe permissions of the directory to mount. A local attacker could use this\nflaw to mount (and then access) a directory they would otherwise not have\naccess to. Note: The fix for this issue is incomplete until a kernel-space\nchange is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates\nwill correct this issue. (CVE-2011-1833)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting these\nissues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall\nand Dan Rosenberg as the original reporters of CVE-2011-1831,\nCVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the\noriginal reporters of CVE-2011-1834; Marc Deslauriers as the original\nreporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original\nreporter of CVE-2011-1837.\n\nUsers of ecryptfs-utils are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:31", "published": "2011-08-31T04:00:00", "id": "RHSA-2011:1241", "href": "https://access.redhat.com/errata/RHSA-2011:1241", "type": "redhat", "title": "(RHSA-2011:1241) Moderate: ecryptfs-utils security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
