Vulnerability Name:

CVE-2011-3145 (CCN-69382)

Assigned: 2011-08-23
Published: 2011-08-23
Updated: 2019-10-09
Summary: When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid(), it does not also set the effective group ID. As a result, when it creates the new version of mtab, mtab.tmp, the file is created with the group ID of the user running mount.ecryptfs_private.
CVSS v3 Severity:
9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None
CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
4.6 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-254
Vulnerability Consequences: Bypass Security
References:

Source: MISC
Type: Patch, Third Party Advisory
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558

Source: MITRE
Type: CNA
CVE-2011-3145

Source: CCN
Type: eCryptfs Web page
eCryptfs

Source: CCN
Type: RHSA-2011-1241
Moderate: ecryptfs-utils security update

Source: DEBIAN
Type: DSA-2382
ecryptfs-utils -- multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 74869
ecryptfs-utils mtab Permission Manipulation Arbitrary Location Unmount DoS

Source: CCN
Type: BID-49287
eCryptfs 'mtab' Security Bypass Vulnerability

Source: CCN
Type: USN-1196-1
ecryptfs-utils vulnerability

Source: XF
Type: UNKNOWN
ecryptfs-mtab-security-bypass(69382)

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/a:mount.ecrpytfs_private_project:mount.ecrpytfs_private:-:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ecryptfs:ecryptfs_utils:45:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:46:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:47:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:48:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:49:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:50:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:51:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:53:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:54:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:55:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:56:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:57:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*
  • OR cpe:/a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:42294 | P | Security update for curl (Important) | 2022-05-27
oval:org.opensuse.security:def:20113145 | V | CVE-2011-3145 | 2022-05-20
oval:org.opensuse.security:def:31721 | P | Security update for log4j (Important) | 2021-12-17
oval:org.opensuse.security:def:32237 | P | Security update for glib-networking (Important) | 2021-12-13
oval:org.opensuse.security:def:33055 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:32226 | P | Security update for webkit2gtk3 (Important) | 2021-11-23
oval:org.opensuse.security:def:32225 | P | Security update for postgresql10 (Important) | 2021-11-22
oval:org.opensuse.security:def:26169 | P | Security update for postgresql, postgresql13, postgresql14 (Important) | 2021-11-20
oval:org.opensuse.security:def:33039 | P | Security update for binutils (Moderate) | 2021-11-09
oval:org.opensuse.security:def:33732 | P | Security update for opensc (Important) | 2021-10-29
oval:org.opensuse.security:def:26155 | P | Security update for cairo (Low) | 2021-10-22
oval:org.opensuse.security:def:32191 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-09-23
oval:org.opensuse.security:def:33011 | P | Security update for hivex (Moderate) | 2021-09-23
oval:org.opensuse.security:def:26116 | P | Security update for apache2 (Important) | 2021-09-02
oval:org.opensuse.security:def:32174 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-08-25
oval:org.opensuse.security:def:32988 | P | Security update for aspell (Important) | 2021-08-25
oval:org.opensuse.security:def:31667 | P | Security update for fetchmail (Moderate) | 2021-08-18
oval:org.opensuse.security:def:31664 | P | Security update for cpio (Important) | 2021-08-14
oval:org.opensuse.security:def:33693 | P | Security update for webkit2gtk3 (Important) | 2021-08-03
oval:org.opensuse.security:def:26090 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:32130 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:32949 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:36115 | P | ecryptfs-utils-32bit-61-1.33.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42522 | P | ecryptfs-utils-32bit-61-1.33.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26067 | P | Security update for MozillaFirefox (Important) | 2021-06-08
oval:org.opensuse.security:def:32108 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-06-04
oval:org.opensuse.security:def:32900 | P | Security update for sudo (Important) | 2021-04-20
oval:org.opensuse.security:def:32069 | P | Security update for xorg-x11-server (Important) | 2021-04-14
oval:org.opensuse.security:def:31366 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:28962 | P | Security update for nghttp2 (Important) | 2021-03-24
oval:org.opensuse.security:def:26213 | P | Security update for evolution-data-server (Moderate) | 2021-03-19
oval:org.opensuse.security:def:31355 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:31354 | P | Security update for wpa_supplicant (Important) | 2021-03-09
oval:org.opensuse.security:def:28945 | P | Security update for python-cryptography (Important) | 2021-03-02
oval:org.opensuse.security:def:33078 | P | Security update for krb5-appl (Important) | 2021-02-19
oval:org.opensuse.security:def:32247 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2021-02-10
oval:org.opensuse.security:def:31572 | P | Security update for xen (Moderate) | 2020-12-29
oval:org.opensuse.security:def:32020 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:28857 | P | Security update for gdm (Important) | 2020-12-03
oval:org.opensuse.security:def:35887 | P | ecryptfs-utils-32bit-61-1.33.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:32687 | P | kbd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26440 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:28216 | P | Security update for libquicktime (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31948 | P | Security update for gpg2 (Important) | 2020-12-01
oval:org.opensuse.security:def:25664 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28425 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26886 | P | ecryptfs-utils-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25740 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:31964 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25449 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28651 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32357 | P | Security update for squid3 (Important) | 2020-12-01
oval:org.opensuse.security:def:26006 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:25722 | P | Security update for ovmf (Low) | 2020-12-01
oval:org.opensuse.security:def:28906 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:32314 | P | Security update for rpcbind (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26294 | P | Security update for bluez (Important) | 2020-12-01
oval:org.opensuse.security:def:32812 | P | yast2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31593 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26014 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:29006 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32600 | P | quagga on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26396 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:28215 | P | Security update for libpng12-0 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31891 | P | Security update for expat (Important) | 2020-12-01
oval:org.opensuse.security:def:27113 | P | ecryptfs-utils-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28294 | P | Recommended update for ncurses (Important) | 2020-12-01
oval:org.opensuse.security:def:26851 | P | Mesa-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25676 | P | Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31808 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25438 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28567 | P | Security update for krb5 | 2020-12-01
oval:org.opensuse.security:def:32335 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:25949 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25641 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26241 | P | Security update for evolution (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31582 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25863 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32543 | P | lcms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26382 | P | Security update for ffmpeg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31799 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29680 | P | Security update for ecryptfs-utils | 2020-12-01
oval:org.opensuse.security:def:31440 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:32843 | P | curl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27078 | P | amavisd-new on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28227 | P | Security update for libssh2_org (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32035 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25665 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:25437 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28510 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:32296 | P | Security update for procmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25868 | P | Security update for pcre (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25513 | P | Security update for java-11-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:28803 | P | Security update for openssl-certs | 2020-12-01
oval:org.opensuse.security:def:32401 | P | Security update for vim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31581 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25779 | P | Security update for the SUSE Linux Enterprise 12 kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32449 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:26343 | P | Security update for MozillaThunderbird (Important) | 2020-12-01
oval:org.opensuse.security:def:32851 | P | ecryptfs-utils-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29644 | P | Security update for cups (Important) | 2020-12-01
oval:org.mitre.oval:def:14168 | P | USN-1196-1 -- ecryptfs-utils vulnerability | 2014-06-30
oval:org.mitre.oval:def:15419 | P | DSA-2382-1 ecryptfs-utils -- multiple | 2014-06-23
oval:org.mitre.oval:def:23427 | P | ELSA-2011:1241: ecryptfs-utils security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:21842 | P | RHSA-2011:1241: ecryptfs-utils security update (Moderate) | 2014-02-24
oval:com.redhat.rhsa:def:20111241 | P | RHSA-2011:1241: ecryptfs-utils security update (Moderate) | 2011-08-31