CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1832 – ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
https://notcve.org/view.php?id=CVE-2011-1832
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales eliminar directorios a través de una llamada al sistema umount. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download https://access.redhat.com/security/cve/CVE-2011-1832 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1835 – ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
https://notcve.org/view.php?id=CVE-2011-1835
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. El proceso de configuración de directorio privado cifrado en utils/ecryptfs-setup-private en ecryptfs-utils anterior a 90 no asegura debidamente que el archivo passphrase es creado, lo que podría permitir a usuarios locales evadir las restricciones de acceso en cierto momento en los pasos de creación de un nuevo usuario. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download https://access.redhat.com/security/cve/CVE-2011-1835 • CWE-255: Credentials Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1831 – ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
https://notcve.org/view.php?id=CVE-2011-1831
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call. utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 no comprueba debidamente los permisos del punto de montaje, lo que permite a usuarios locales reemplazar efectivamente cualquier directorio con un sistema de archivos nuevo, y en consecuencia ganar privilegios, a través de una llamada al sistema mount. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download https://access.redhat.com/security/cve/CVE-2011-1831 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1837 – ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
https://notcve.org/view.php?id=CVE-2011-1837
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. La implementación lock-counter en utils/mount.ecryptfs_private.c en ecryptfs-utils anterior a 90 permite a usuarios locales sobreescribir archivos arbitrarios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download https://access.redhat.com/security/cve/CVE-2011-1837 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1836
https://notcve.org/view.php?id=CVE-2011-1836
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podría permitir a usuarios locales evadir las restricciones de acceso a través de operaciones estándar del sistema de ficheros durante el proceso de recuperación. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download • CWE-264: Permissions, Privileges, and Access Controls •