Articles / Debian: Security update for…

Debian: Security update for ecryptfs-utils

Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service.

Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files.

Updated packages are available from security.ubuntu.com.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2382-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
January 07, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ecryptfs-utils
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 
                CVE-2011-1837 CVE-2011-3145 

Several problems have been discovered in ecryptfs-utils, a cryptographic
filesystem for Linux.

CVE-2011-1831

 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
 incorrectly validated permissions on the requested mountpoint. A local
 attacker could use this flaw to mount to arbitrary locations, leading
 to privilege escalation.

CVE-2011-1832

 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
 incorrectly validated permissions on the requested mountpoint. A local
 attacker could use this flaw to unmount to arbitrary locations, leading
 to a denial of service.

CVE-2011-1834

 Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
 handled modifications to the mtab file when an error occurs. A local
 attacker could use this flaw to corrupt the mtab file, and possibly
 unmount arbitrary locations, leading to a denial of service.

CVE-2011-1835

 Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
 setting up an encrypted private directory. A local attacker could use
 this flaw to manipulate keys during creation of a new user.

CVE-2011-1837

 Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled
 lock counters. A local attacker could use this flaw to possibly overwrite
 arbitrary files.

We acknowledge the work of the Ubuntu distribution in preparing patches
suitable for near-direct inclusion in the Debian package.

For the oldstable distribution (lenny), these problems have been fixed in
version 68-1+lenny1.

For the stable distribution (squeeze), these problems have been fixed in
version 83-4+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 95-1.

We recommend that you upgrade your ecryptfs-utils packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJPCJaDAAoJEL97/wQC1SS+eKAH/3TKaU7EDHYi53WPas0ZRH7a
HLS/BToZs2DrMHPzW8IMvCWNavFUy5WnEdRNZgpRPcULonK4Iabsp0XskUFMlJOZ
vbWrjdupnDRFYiQWdcrXdmYBM0xKVaXuwND/ZZUL6KWWGUIL5QF+q03nHE4kWSHc
sRORBQ5gqNWqYtrkVjUDntccASW9vLYaVFixGzNy8lol79ps+laRC58TTjLv5s6Q
fTsPyY/tf7Nsmm5mMyihpJ+WKDUZDOfjxkyIwnnInoomwmLJhKorMA0D6Ry6Mud7
2DLuShV/jR8sEkXBPpoa29CIIrW8P/LSvEbJKIGUi55fMDWwkz1DE7ACVU+hRK4=
=xE87
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.