Lucene search

Veracode Vulnerability DatabaseVERACODE:24715

HistoryApr 10, 2020 - 1:02 a.m.

Privilege Escalation

2020-04-1001:02:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

encryptfs-utils is vulnerable to privilege escalation. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.

CPENameOperatorVersion
ecryptfs-utilseq56__8.el5
ecryptfs-utilseq41__1.el5
ecryptfs-utilseq56__8.el5
ecryptfs-utilseq41__1.el5

Name	Operator	Version
ecryptfs-utils	eq	56__8.el5
ecryptfs-utils	eq	41__1.el5
ecryptfs-utils	eq	56__8.el5
ecryptfs-utils	eq	41__1.el5

References

lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html

www.ubuntu.com/usn/USN-1188-1

access.redhat.com/errata/RHSA-2011:1241

access.redhat.com/security/updates/classification/#moderate

access.redhat.com/support/offerings/techpreview/

bugzilla.redhat.com/show_bug.cgi?id=729465

launchpad.net/ecryptfs/+download

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:24715