ID CVE-2011-3145
Summary When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
Vulnerable Configurations
  • cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*
    cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2019 - 23:03)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 732607
title CVE-2011-3145 ecryptfs-utils: incorrect mtab group ownership
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241001
        • comment ecryptfs-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241002
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241003
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241004
      • AND
        • comment ecryptfs-utils-python is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241005
        • comment ecryptfs-utils-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241006
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241008
        • comment ecryptfs-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307002
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241010
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307004
      • AND
        • comment ecryptfs-utils-gui is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241012
        • comment ecryptfs-utils-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307006
rhsa
id RHSA-2011:1241
released 2011-08-31
severity Moderate
title RHSA-2011:1241: ecryptfs-utils security update (Moderate)
rpms
  • ecryptfs-utils-0:75-5.el5_7.2
  • ecryptfs-utils-0:82-6.el6_1.3
  • ecryptfs-utils-debuginfo-0:75-5.el5_7.2
  • ecryptfs-utils-debuginfo-0:82-6.el6_1.3
  • ecryptfs-utils-devel-0:75-5.el5_7.2
  • ecryptfs-utils-devel-0:82-6.el6_1.3
  • ecryptfs-utils-gui-0:75-5.el5_7.2
  • ecryptfs-utils-python-0:82-6.el6_1.3
refmap via4
misc http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558
Last major update 09-10-2019 - 23:03
Published 22-04-2019 - 16:29
Last modified 09-10-2019 - 23:03
Back to Top