Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-1836 (GCVE-0-2011-1836)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-08-06 22:37
VLAI?
EPSS
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T14:57:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SUSE-SU-2011:0898",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-1836",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2011-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-1836",
"date": "2026-04-20",
"epss": "0.00047",
"percentile": "0.14159"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-1836\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2014-02-15T14:57:06.363\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.\"},{\"lang\":\"es\",\"value\":\"utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros durante el proceso de recuperaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"89\",\"matchCriteriaId\":\"A9E226CD-F9E6-4B09-93B9-569D0FBDE943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D197F4A3-473A-48FF-9C7F-658C6C1A6447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"723E43D2-1130-424E-915E-1A6272FCEB41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01C51EC-BE54-48B9-B9A5-740836C97B01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC251173-56EF-47A9-A119-F9C274BAD2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605ABD47-0352-49ED-A144-7C5696E38C4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93457510-CCBF-4D63-B308-060BBAC06D2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FC81566-A73B-463B-86AE-D81B25C5849E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD2BA072-A019-42FA-946D-53E01AC034AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77BDB4AC-112A-4CE9-88C7-4DEC352C7766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"574C934F-BDE7-4917-B24D-586DF6E148F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74DB67B9-A924-4228-918F-322838B74E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6916E70E-C639-4880-83AC-5A90C589FFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF0B9852-4258-4963-98C4-7FED40BB0BC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1862F4F-D023-4C9E-B2CD-F6DF282AB351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A905D1F-F329-451E-92E1-E3AEA75000BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBD61AB-AE3C-4B21-A369-F38ED20489F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06DC6EF5-1192-4186-B99B-9615BF74F7B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"181A9F89-9B45-4025-BB7F-42B0AF6CB534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC38EDAA-BF0C-4BE3-9151-995A329B6653\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE16EEF5-2EC2-4D35-8D0A-778E5F647600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7759293-210E-498E-BF9C-E11A748174CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A41D43F-E57C-41CB-A121-D1E3692900B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9A6D32-8A3D-4A25-BF1E-2ED812539F00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9630D3-DE46-4C60-A9B0-57B8B9B3C857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE4E253-4CE1-4122-8FFA-974A466D309B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1188-1\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=729465\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.net/ecryptfs/+download\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1188-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=729465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.net/ecryptfs/+download\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
OPENSUSE-SU-2024:10118-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ecryptfs-utils-108-2.5 on GA media
Severity
Moderate
Notes
Title of the patch: ecryptfs-utils-108-2.5 on GA media
Description of the patch: These are all security issues fixed in the ecryptfs-utils-108-2.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10118
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ecryptfs-utils-108-2.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ecryptfs-utils-108-2.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10118",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10118-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1831 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1832 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1833 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1834 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1835 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1836 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1837 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9687 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1572 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1572/"
}
],
"title": "ecryptfs-utils-108-2.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10118-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ecryptfs-utils-108-2.5.aarch64",
"product": {
"name": "ecryptfs-utils-108-2.5.aarch64",
"product_id": "ecryptfs-utils-108-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-32bit-108-2.5.aarch64",
"product": {
"name": "ecryptfs-utils-32bit-108-2.5.aarch64",
"product_id": "ecryptfs-utils-32bit-108-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-108-2.5.aarch64",
"product": {
"name": "ecryptfs-utils-devel-108-2.5.aarch64",
"product_id": "ecryptfs-utils-devel-108-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"product": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"product_id": "ecryptfs-utils-devel-32bit-108-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "libecryptfs1-108-2.5.aarch64",
"product": {
"name": "libecryptfs1-108-2.5.aarch64",
"product_id": "libecryptfs1-108-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "libecryptfs1-32bit-108-2.5.aarch64",
"product": {
"name": "libecryptfs1-32bit-108-2.5.aarch64",
"product_id": "libecryptfs1-32bit-108-2.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ecryptfs-utils-108-2.5.ppc64le",
"product": {
"name": "ecryptfs-utils-108-2.5.ppc64le",
"product_id": "ecryptfs-utils-108-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-32bit-108-2.5.ppc64le",
"product": {
"name": "ecryptfs-utils-32bit-108-2.5.ppc64le",
"product_id": "ecryptfs-utils-32bit-108-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-108-2.5.ppc64le",
"product": {
"name": "ecryptfs-utils-devel-108-2.5.ppc64le",
"product_id": "ecryptfs-utils-devel-108-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"product": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"product_id": "ecryptfs-utils-devel-32bit-108-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libecryptfs1-108-2.5.ppc64le",
"product": {
"name": "libecryptfs1-108-2.5.ppc64le",
"product_id": "libecryptfs1-108-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libecryptfs1-32bit-108-2.5.ppc64le",
"product": {
"name": "libecryptfs1-32bit-108-2.5.ppc64le",
"product_id": "libecryptfs1-32bit-108-2.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ecryptfs-utils-108-2.5.s390x",
"product": {
"name": "ecryptfs-utils-108-2.5.s390x",
"product_id": "ecryptfs-utils-108-2.5.s390x"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-32bit-108-2.5.s390x",
"product": {
"name": "ecryptfs-utils-32bit-108-2.5.s390x",
"product_id": "ecryptfs-utils-32bit-108-2.5.s390x"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-108-2.5.s390x",
"product": {
"name": "ecryptfs-utils-devel-108-2.5.s390x",
"product_id": "ecryptfs-utils-devel-108-2.5.s390x"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-32bit-108-2.5.s390x",
"product": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.s390x",
"product_id": "ecryptfs-utils-devel-32bit-108-2.5.s390x"
}
},
{
"category": "product_version",
"name": "libecryptfs1-108-2.5.s390x",
"product": {
"name": "libecryptfs1-108-2.5.s390x",
"product_id": "libecryptfs1-108-2.5.s390x"
}
},
{
"category": "product_version",
"name": "libecryptfs1-32bit-108-2.5.s390x",
"product": {
"name": "libecryptfs1-32bit-108-2.5.s390x",
"product_id": "libecryptfs1-32bit-108-2.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ecryptfs-utils-108-2.5.x86_64",
"product": {
"name": "ecryptfs-utils-108-2.5.x86_64",
"product_id": "ecryptfs-utils-108-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-32bit-108-2.5.x86_64",
"product": {
"name": "ecryptfs-utils-32bit-108-2.5.x86_64",
"product_id": "ecryptfs-utils-32bit-108-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-108-2.5.x86_64",
"product": {
"name": "ecryptfs-utils-devel-108-2.5.x86_64",
"product_id": "ecryptfs-utils-devel-108-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"product": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"product_id": "ecryptfs-utils-devel-32bit-108-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "libecryptfs1-108-2.5.x86_64",
"product": {
"name": "libecryptfs1-108-2.5.x86_64",
"product_id": "libecryptfs1-108-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "libecryptfs1-32bit-108-2.5.x86_64",
"product": {
"name": "libecryptfs1-32bit-108-2.5.x86_64",
"product_id": "libecryptfs1-32bit-108-2.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64"
},
"product_reference": "ecryptfs-utils-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le"
},
"product_reference": "ecryptfs-utils-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x"
},
"product_reference": "ecryptfs-utils-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64"
},
"product_reference": "ecryptfs-utils-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-32bit-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64"
},
"product_reference": "ecryptfs-utils-32bit-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-32bit-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le"
},
"product_reference": "ecryptfs-utils-32bit-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-32bit-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x"
},
"product_reference": "ecryptfs-utils-32bit-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-32bit-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64"
},
"product_reference": "ecryptfs-utils-32bit-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64"
},
"product_reference": "ecryptfs-utils-devel-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le"
},
"product_reference": "ecryptfs-utils-devel-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x"
},
"product_reference": "ecryptfs-utils-devel-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64"
},
"product_reference": "ecryptfs-utils-devel-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64"
},
"product_reference": "ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le"
},
"product_reference": "ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x"
},
"product_reference": "ecryptfs-utils-devel-32bit-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecryptfs-utils-devel-32bit-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64"
},
"product_reference": "ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64"
},
"product_reference": "libecryptfs1-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le"
},
"product_reference": "libecryptfs1-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x"
},
"product_reference": "libecryptfs1-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64"
},
"product_reference": "libecryptfs1-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-32bit-108-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64"
},
"product_reference": "libecryptfs1-32bit-108-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-32bit-108-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le"
},
"product_reference": "libecryptfs1-32bit-108-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-32bit-108-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x"
},
"product_reference": "libecryptfs1-32bit-108-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecryptfs1-32bit-108-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
},
"product_reference": "libecryptfs1-32bit-108-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-1831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1831"
}
],
"notes": [
{
"category": "general",
"text": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1831",
"url": "https://www.suse.com/security/cve/CVE-2011-1831"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1831",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1831",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-1831"
},
{
"cve": "CVE-2011-1832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1832"
}
],
"notes": [
{
"category": "general",
"text": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1832",
"url": "https://www.suse.com/security/cve/CVE-2011-1832"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1832",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1832",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-1832"
},
{
"cve": "CVE-2011-1833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1833"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1833",
"url": "https://www.suse.com/security/cve/CVE-2011-1833"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1833",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1833",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1833"
},
{
"cve": "CVE-2011-1834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1834"
}
],
"notes": [
{
"category": "general",
"text": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1834",
"url": "https://www.suse.com/security/cve/CVE-2011-1834"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1834",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1834",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-1834"
},
{
"cve": "CVE-2011-1835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1835"
}
],
"notes": [
{
"category": "general",
"text": "The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1835",
"url": "https://www.suse.com/security/cve/CVE-2011-1835"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1835",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1835",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-1835"
},
{
"cve": "CVE-2011-1836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1836"
}
],
"notes": [
{
"category": "general",
"text": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1836",
"url": "https://www.suse.com/security/cve/CVE-2011-1836"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1836",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1836",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1836"
},
{
"cve": "CVE-2011-1837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1837"
}
],
"notes": [
{
"category": "general",
"text": "The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1837",
"url": "https://www.suse.com/security/cve/CVE-2011-1837"
},
{
"category": "external",
"summary": "SUSE Bug 709771 for CVE-2011-1837",
"url": "https://bugzilla.suse.com/709771"
},
{
"category": "external",
"summary": "SUSE Bug 711539 for CVE-2011-1837",
"url": "https://bugzilla.suse.com/711539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-1837"
},
{
"cve": "CVE-2014-9687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9687"
}
],
"notes": [
{
"category": "general",
"text": "eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9687",
"url": "https://www.suse.com/security/cve/CVE-2014-9687"
},
{
"category": "external",
"summary": "SUSE Bug 920160 for CVE-2014-9687",
"url": "https://bugzilla.suse.com/920160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-9687"
},
{
"cve": "CVE-2016-1572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1572"
}
],
"notes": [
{
"category": "general",
"text": "mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1572",
"url": "https://www.suse.com/security/cve/CVE-2016-1572"
},
{
"category": "external",
"summary": "SUSE Bug 962052 for CVE-2016-1572",
"url": "https://bugzilla.suse.com/962052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5.x86_64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-108-2.5.x86_64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.aarch64",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.ppc64le",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.s390x",
"openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1572"
}
]
}
GHSA-5764-Q5MH-RCG7
Vulnerability from github – Published: 2022-05-17 04:50 – Updated: 2022-05-17 04:50
VLAI?
Details
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
{
"affected": [],
"aliases": [
"CVE-2011-1836"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-02-15T14:57:00Z",
"severity": "MODERATE"
},
"details": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.",
"id": "GHSA-5764-q5mh-rcg7",
"modified": "2022-05-17T04:50:20Z",
"published": "2022-05-17T04:50:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1836"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"type": "WEB",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2011-1836
Vulnerability from fkie_nvd - Published: 2014-02-15 14:57 - Updated: 2025-04-11 00:51
Severity ?
Summary
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html | ||
| security@ubuntu.com | http://www.ubuntu.com/usn/USN-1188-1 | ||
| security@ubuntu.com | https://bugzilla.redhat.com/show_bug.cgi?id=729465 | Vendor Advisory | |
| security@ubuntu.com | https://launchpad.net/ecryptfs/+download | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1188-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=729465 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/ecryptfs/+download |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecryptfs | ecryptfs-utils | * | |
| ecryptfs | ecryptfs-utils | 62 | |
| ecryptfs | ecryptfs-utils | 63 | |
| ecryptfs | ecryptfs-utils | 64 | |
| ecryptfs | ecryptfs-utils | 65 | |
| ecryptfs | ecryptfs-utils | 66 | |
| ecryptfs | ecryptfs-utils | 67 | |
| ecryptfs | ecryptfs-utils | 68 | |
| ecryptfs | ecryptfs-utils | 69 | |
| ecryptfs | ecryptfs-utils | 70 | |
| ecryptfs | ecryptfs-utils | 71 | |
| ecryptfs | ecryptfs-utils | 72 | |
| ecryptfs | ecryptfs-utils | 73 | |
| ecryptfs | ecryptfs-utils | 74 | |
| ecryptfs | ecryptfs-utils | 75 | |
| ecryptfs | ecryptfs-utils | 76 | |
| ecryptfs | ecryptfs-utils | 77 | |
| ecryptfs | ecryptfs-utils | 78 | |
| ecryptfs | ecryptfs-utils | 79 | |
| ecryptfs | ecryptfs-utils | 80 | |
| ecryptfs | ecryptfs-utils | 81 | |
| ecryptfs | ecryptfs-utils | 82 | |
| ecryptfs | ecryptfs-utils | 83 | |
| ecryptfs | ecryptfs-utils | 84 | |
| ecryptfs | ecryptfs-utils | 85 | |
| ecryptfs | ecryptfs-utils | 86 | |
| ecryptfs | ecryptfs-utils | 87 | |
| ecryptfs | ecryptfs_utils | 58 | |
| ecryptfs | ecryptfs_utils | 59 | |
| ecryptfs | ecryptfs_utils | 60 | |
| ecryptfs | ecryptfs_utils | 61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E226CD-F9E6-4B09-93B9-569D0FBDE943",
"versionEndIncluding": "89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"matchCriteriaId": "D197F4A3-473A-48FF-9C7F-658C6C1A6447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"matchCriteriaId": "723E43D2-1130-424E-915E-1A6272FCEB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C51EC-BE54-48B9-B9A5-740836C97B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFDA6DA-B6D7-4AAC-9288-A6AA459BE69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"matchCriteriaId": "FC251173-56EF-47A9-A119-F9C274BAD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"matchCriteriaId": "605ABD47-0352-49ED-A144-7C5696E38C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"matchCriteriaId": "93457510-CCBF-4D63-B308-060BBAC06D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C9AC87-2A7B-45B5-BE9C-8244B777FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC81566-A73B-463B-86AE-D81B25C5849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BA072-A019-42FA-946D-53E01AC034AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"matchCriteriaId": "77BDB4AC-112A-4CE9-88C7-4DEC352C7766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"matchCriteriaId": "574C934F-BDE7-4917-B24D-586DF6E148F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB67B9-A924-4228-918F-322838B74E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"matchCriteriaId": "6916E70E-C639-4880-83AC-5A90C589FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0B9852-4258-4963-98C4-7FED40BB0BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"matchCriteriaId": "A1862F4F-D023-4C9E-B2CD-F6DF282AB351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"matchCriteriaId": "6A905D1F-F329-451E-92E1-E3AEA75000BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD61AB-AE3C-4B21-A369-F38ED20489F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"matchCriteriaId": "06DC6EF5-1192-4186-B99B-9615BF74F7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"matchCriteriaId": "F16E0B1E-C7FA-48D3-ACE1-5CCC4C8E3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A8D7-2FEE-43B6-A6C2-C18A13A0E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"matchCriteriaId": "181A9F89-9B45-4025-BB7F-42B0AF6CB534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"matchCriteriaId": "CC38EDAA-BF0C-4BE3-9151-995A329B6653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"matchCriteriaId": "BE16EEF5-2EC2-4D35-8D0A-778E5F647600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"matchCriteriaId": "F7759293-210E-498E-BF9C-E11A748174CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"matchCriteriaId": "0A41D43F-E57C-41CB-A121-D1E3692900B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
},
{
"lang": "es",
"value": "utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podr\u00eda permitir a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros durante el proceso de recuperaci\u00f3n."
}
],
"id": "CVE-2011-1836",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-15T14:57:06.363",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "security@ubuntu.com",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/ecryptfs/+download"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2011-1836
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-1836",
"description": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.",
"id": "GSD-2011-1836",
"references": [
"https://www.suse.com/security/cve/CVE-2011-1836.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-1836"
],
"details": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.",
"id": "GSD-2011-1836",
"modified": "2023-12-13T01:19:08.579958Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "89",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1836"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"tags": [],
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-03-08T04:47Z",
"publishedDate": "2014-02-15T14:57Z"
}
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…