Lucene search
UbuntuUSN-2524-1HistoryMar 11, 2015 - 12:00 a.m.
eCryptfs vulnerability
2015-03-1100:00:00
ubuntu.com
37
8.6 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.7%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- ecryptfs-utils - eCryptfs cryptographic filesystem utilities
Details
Sylvain Pelissier discovered that eCryptfs did not generate a random salt when
encrypting the mount passphrase with the login password. An attacker could use
this issue to discover the login password used to protect the mount passphrase
and gain unintended access to the encrypted files.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | ecryptfs-utils | < 104-0ubuntu1.14.10.3 | UNKNOWN |
| Ubuntu | 14.10 | noarch | ecryptfs-utils-dbg | < 104-0ubuntu1.14.10.3 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libecryptfs-dev | < 104-0ubuntu1.14.10.3 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libecryptfs0 | < 104-0ubuntu1.14.10.3 | UNKNOWN |
| Ubuntu | 14.10 | noarch | python-ecryptfs | < 104-0ubuntu1.14.10.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ecryptfs-utils | < 104-0ubuntu1.14.04.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ecryptfs-utils-dbg | < 104-0ubuntu1.14.04.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libecryptfs-dev | < 104-0ubuntu1.14.04.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libecryptfs0 | < 104-0ubuntu1.14.04.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-ecryptfs | < 104-0ubuntu1.14.04.3 | UNKNOWN |
References
Related
openvas
openvas
Ubuntu: Security Advisory (USN-2524-1)
2015-03-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0290-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0241-1)
2021-04-19 00:00:00
securityvulns
securityvulns
[USN-2524-1] eCryptfs vulnerability
2015-03-15 00:00:00
eCryptfs crypto vulnerabilities
2015-03-15 00:00:00
debiancve
debiancve
CVE-2014-9687
2015-03-16 14:59:00
ubuntucve
ubuntucve
CVE-2014-9687
2014-12-31 00:00:00
prion
prion
Default credentials
2015-03-16 14:59:00
nessus
nessus
RHEL 6 : ecryptfs-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
Ubuntu 14.04 LTS : eCryptfs vulnerability (USN-2524-1)
2015-03-11 00:00:00
RHEL 7 : ecryptfs-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
archlinux
archlinux
ecryptfs-utils: hard-coded passphrase salt
2015-03-17 00:00:00
cvelist
cvelist
CVE-2014-9687
2015-03-16 14:00:00
nvd
nvd
CVE-2014-9687
2015-03-16 14:59:00
cve
cve
CVE-2014-9687
2015-03-16 14:59:00
8.6 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.7%
Related for USN-2524-1