Articles / Ubuntu: New eCryptfs packag…

Ubuntu: New eCryptfs packages fix security vulnerabilities

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested source directory. A local attacker could use this flaw to mount an arbitrary directory, possibly leading to information disclosure. A pending kernel update will provide the other half of the fix for this issue.

Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. Marc Deslauriers discovered that eCryptfs incorrectly handled permissions during recovery. A local attacker could use this flaw to possibly access another user’s data during the recovery process.

Vasiliy Kulikov discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1188-1
August 09, 2011

ecryptfs-utils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

eCryptfs could be tricked into mounting and unmounting arbitrary locations,
and possibly disclose confidential information.

Software Description:
- ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)

Details:

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested mountpoint. A local attacker could
use this flaw to mount to arbitrary locations, leading to privilege
escalation. (CVE-2011-1831)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested mountpoint. A local attacker could
use this flaw to unmount to arbitrary locations, leading to a denial of
service. (CVE-2011-1832)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly
validated permissions on the requested source directory. A local attacker
could use this flaw to mount an arbitrary directory, possibly leading to
information disclosure. A pending kernel update will provide the other
half of the fix for this issue. (CVE-2011-1833)

Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
handled modifications to the mtab file when an error occurs. A local
attacker could use this flaw to corrupt the mtab file, and possibly unmount
arbitrary locations, leading to a denial of service. (CVE-2011-1834)

Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
setting up an encrypted private directory. A local attacker could use this
flaw to manipulate keys during creation of a new user. (CVE-2011-1835)

Marc Deslauriers discovered that eCryptfs incorrectly handled permissions
during recovery. A local attacker could use this flaw to possibly access
another user's data during the recovery process. This issue only applied to
Ubuntu 11.04. (CVE-2011-1836)

Vasiliy Kulikov discovered that eCryptfs incorrectly handled lock counters.
A local attacker could use this flaw to possibly overwrite arbitrary files.
The default symlink restrictions in Ubuntu 10.10 and 11.04 should protect
against this issue. (CVE-2011-1837)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
 ecryptfs-utils                  87-0ubuntu1.1

Ubuntu 10.10:
 ecryptfs-utils                  83-0ubuntu3.2.10.10.1

Ubuntu 10.04 LTS:
 ecryptfs-utils                  83-0ubuntu3.2.10.04.1

In general, a standard system update will make all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1188-1
 CVE-2011-1831, CVE-2011-1832, CVE-2011-1833, CVE-2011-1834,
 CVE-2011-1835, CVE-2011-1836, CVE-2011-1837

Package Information:
 https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.1
 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.1
 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.1
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.