ID CVE-2011-3145
Summary When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
References
Vulnerable Configurations
  • cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*
    cpe:2.3:a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2019 - 23:03)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 732607
title CVE-2011-3145 ecryptfs-utils: incorrect mtab group ownership
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241005
        • comment ecryptfs-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241006
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241009
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241010
      • AND
        • comment ecryptfs-utils-python is earlier than 0:82-6.el6_1.3
          oval oval:com.redhat.rhsa:tst:20111241007
        • comment ecryptfs-utils-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111241008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment ecryptfs-utils is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241012
        • comment ecryptfs-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307003
      • AND
        • comment ecryptfs-utils-devel is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241014
        • comment ecryptfs-utils-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307005
      • AND
        • comment ecryptfs-utils-gui is earlier than 0:75-5.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111241016
        • comment ecryptfs-utils-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091307007
rhsa
id RHSA-2011:1241
released 2011-08-31
severity Moderate
title RHSA-2011:1241: ecryptfs-utils security update (Moderate)
rpms
  • ecryptfs-utils-0:82-6.el6_1.3
  • ecryptfs-utils-devel-0:82-6.el6_1.3
  • ecryptfs-utils-python-0:82-6.el6_1.3
  • ecryptfs-utils-0:75-5.el5_7.2
  • ecryptfs-utils-devel-0:75-5.el5_7.2
  • ecryptfs-utils-gui-0:75-5.el5_7.2
refmap via4
misc http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558
Last major update 09-10-2019 - 23:03
Published 22-04-2019 - 16:29
Back to Top