ID CVE-2011-3145
Summary When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid(), it does not also set the effective group ID. So when it creates the new version of the mtab file, mtab.tmp, that file is created with the group ID of the user running mount.ecryptfs_private.
References
Vulnerable Configurations
  • cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-254
CAPEC
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1196-1.NASL
    description It was discovered that eCryptfs incorrectly handled permissions when modifying the mtab file. A local attacker could use this flaw to manipulate the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55968
    published 2011-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55968
    title Ubuntu 10.04 LTS / 10.10 / 11.04 : ecryptfs-utils vulnerability (USN-1196-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_ECRYPTFS-UTILS-111214.NASL
    description mount.ecryptfs_private did not set correct group ownerships when it modifies mtab (CVE-2011-3145).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75822
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75822
    title openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2382.NASL
    description Several problems have been discovered in eCryptfs, a cryptographic filesystem for Linux. - CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. - CVE-2011-1832 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. - CVE-2011-1834 Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. - CVE-2011-1835 Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. - CVE-2011-1837 Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files. We acknowledge the work of the Ubuntu distribution in preparing patches suitable for near-direct inclusion in the Debian package.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57522
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57522
    title Debian DSA-2382-1 : ecryptfs-utils - multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11979.NASL
    description - fix incorrect mtab group ownership Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 56201
    published 2011-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56201
    title Fedora 14 : ecryptfs-utils-90-2.fc14 (2011-11979)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11871.NASL
    description - fix incorrect mtab group ownership Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56349
    published 2011-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56349
    title Fedora 16 : ecryptfs-utils-90-2.fc16 (2011-11871)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11936.NASL
    description - fix incorrect mtab group ownership Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56200
    published 2011-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56200
    title Fedora 15 : ecryptfs-utils-90-2.fc15 (2011-11936)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ECRYPTFS-UTILS-120420.NASL
    description ecryptfs-utils was updated to fix a security issue and some bugs. Security issue fixed: mount.ecryptfs_private did not set correct group ownerships when it modifies mtab. (CVE-2011-3145) Also some bugs that made this set of tools non-working were fixed. You need to manually hand setuid root permissions to /sbin/mount.ecryptfs_private if you want to use it as a non-root user.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64126
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64126
    title SuSE 11.1 Security Update : ecryptfs-utils (SAT Patch Number 6187)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110831_ECRYPTFS_UTILS_ON_SL5_X.NASL
    description eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the 'ecryptfs' group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. (CVE-2011-1831) A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. (CVE-2011-1832) It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system. (CVE-2011-1834) An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access. (CVE-2011-1835) A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. (CVE-2011-1837) A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file. (CVE-2011-3145) A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Scientific Linux 5 and 6 kernel updates will correct this issue. 
    (CVE-2011-1833) Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61124
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61124
    title Scientific Linux Security Update : ecryptfs-utils on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_ECRYPTFS-UTILS-111214.NASL
    description mount.ecryptfs_private did not set correct group ownerships when it modifies mtab (CVE-2011-3145).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75474
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75474
    title openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2012:0106-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1241.NASL
    description From Red Hat Security Advisory 2011:1241 : Updated ecryptfs-utils packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the 'ecryptfs' group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. (CVE-2011-1831) A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. (CVE-2011-1832) It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system. (CVE-2011-1834) An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access. (CVE-2011-1835) A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. 
(CVE-2011-1837) A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file. (CVE-2011-3145) A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue. (CVE-2011-1833) Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1831, CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the original reporters of CVE-2011-1834; Marc Deslauriers as the original reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original reporter of CVE-2011-1837. Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68338
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68338
    title Oracle Linux 5 / 6 : ecryptfs-utils (ELSA-2011-1241)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1241.NASL
    description Updated ecryptfs-utils packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the 'ecryptfs' group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. (CVE-2011-1831) A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. (CVE-2011-1832) It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system. (CVE-2011-1834) An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access. (CVE-2011-1835) A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. 
(CVE-2011-1837) A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file. (CVE-2011-3145) A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue. (CVE-2011-1833) Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1831, CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the original reporters of CVE-2011-1834; Marc Deslauriers as the original reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original reporter of CVE-2011-1837. Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 56273
    published 2011-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56273
    title CentOS 5 : ecryptfs-utils (CESA-2011:1241)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1241.NASL
    description Updated ecryptfs-utils packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the 'ecryptfs' group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. (CVE-2011-1831) A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. (CVE-2011-1832) It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system. (CVE-2011-1834) An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access. (CVE-2011-1835) A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. 
(CVE-2011-1837) A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file. (CVE-2011-3145) A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue. (CVE-2011-1833) Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1831, CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the original reporters of CVE-2011-1834; Marc Deslauriers as the original reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original reporter of CVE-2011-1837. Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56028
    published 2011-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56028
    title RHEL 5 / 6 : ecryptfs-utils (RHSA-2011:1241)
redhat via4
advisories
bugzilla
id 732607
title CVE-2011-3145 ecryptfs-utils: incorrect mtab group ownership
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241005
        • comment ecryptfs-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241006
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241009
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241010
      • AND
        • comment ecryptfs-utils-python is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241007
        • comment ecryptfs-utils-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241012
        • comment ecryptfs-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307003
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241014
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307005
      • AND
        • comment ecryptfs-utils-gui is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241016
        • comment ecryptfs-utils-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307007
rhsa
id RHSA-2011:1241
released 2011-08-31
severity Moderate
title RHSA-2011:1241: ecryptfs-utils security update (Moderate)
rpms
  • ecryptfs-utils-0:82-6.el6_1.3
  • ecryptfs-utils-devel-0:82-6.el6_1.3
  • ecryptfs-utils-python-0:82-6.el6_1.3
  • ecryptfs-utils-0:75-5.el5_7.2
  • ecryptfs-utils-devel-0:75-5.el5_7.2
  • ecryptfs-utils-gui-0:75-5.el5_7.2
refmap via4
misc http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558
Last major update 22-04-2019 - 12:29
Published 22-04-2019 - 12:29
Last modified 29-04-2019 - 12:24