Ecryptfs Utils Security Vulnerabilities and Issues — Ecryptfs Utils CVE List

EcryptfsEcryptfs Utils

7 matches found

CVE•added 2014/02/15 11:0 a.m.•89 views

CVE-2011-1831

CVE-2011-1831 affects the ecryptfs-utils package (mount.ecryptfs_private) prior to version 90. The vulnerability arises from a race in checking the mountpoint permissions during mount, allowing a local attacker to effectively replace a target directory with a new filesystem and gain privileges th...

4.6CVSS8.6AI score0.00366EPSS

CVE•added 2014/02/15 11:0 a.m.•70 views

CVE-2011-1832

CVE-2011-1832 affects ecryptfs-utils prior to version 90. A race condition in mount.ecryptfs_private’s mountpoint permission check could allow a local user to remove directories via an unmount call. The issue stems from inadequate validation before unmount/mount operations, enabling potential man...

2.1CVSS8.4AI score0.00382EPSS

CVE•added 2014/02/15 11:0 a.m.•70 views

CVE-2011-1837

CVE-2011-1837 affects ecryptfs-utils where the lock-counter implementation in utils/mount.ecryptfs_private.c allows local users to overwrite arbitrary files via unspecified vectors. Public analyses in multiple advisories (openSUSE/SUSE, MiracleLinux AXSA:2011-680, Oracle Linux ELSA-2011-1241, SL/...

3.6CVSS8.5AI score0.00379EPSS

CVE•added 2014/02/15 11:0 a.m.•69 views

CVE-2011-1834

CVE-2011-1834 affects the ecryptfs-utils package, specifically the mount helper behavior in mount.ecryptfs_private.c. The root cause is improper handling of the mtab file during error conditions, which can allow a local user to cause a denial of service via table corruption or bypass intended unm...

2.1CVSS8.3AI score0.00382EPSS

CVE•added 2014/02/15 11:0 a.m.•67 views

CVE-2011-1835

The CVE-2011-1835 issue lies in ecryptfs-utils, specifically the encrypted private-directory setup path (utils/ecryptfs-setup-private) where the passphrase file may not be created correctly. This opens a local-privilige escalation risk by bypassing access restrictions during new-user creation ste...

4.4CVSS8.6AI score0.00352EPSS

CVE•added 2008/11/21 2:0 a.m.•65 views

CVE-2008-5188

CVE-2008-5188 affects ecryptfs-utils (notably the ecryptfs-setup-private script) in versions 45–61 of ecryptfs-utils, allowing a local attacker to read cleartext passphrases from the process list. Red Hat/CentOS/Oracle advisories (RHSA-2009:1307, CESA-2009:1307) document that the flaw could expos...

7.2CVSS5.5AI score0.00386EPSS

CVE•added 2014/02/15 11:0 a.m.•46 views

CVE-2011-1836

CVE-2011-1836 affects ecryptfs-utils (before 90). The issue is that utils/ecryptfs-recover-private does not establish a subdirectory with safe permissions, potentially allowing local users to bypass access controls during recovery. The impact is limited to local privilege exposure/defeating restr...

4.6CVSS8.6AI score0.00378EPSS