Executive Summary

Informations
Name CVE-2011-3145 First vendor Publication 2019-04-22
Vendor Cve Last vendor Modification 2019-10-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3145

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-254 Security Features

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14168
 
Oval ID: oval:org.mitre.oval:def:14168
Title: USN-1196-1 -- ecryptfs-utils vulnerability
Description: ecryptfs-utils: ecryptfs cryptographic filesystem An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service.
Family: unix Class: patch
Reference(s): USN-1196-1
CVE-2011-3145
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15419
 
Oval ID: oval:org.mitre.oval:def:15419
Title: DSA-2382-1 ecryptfs-utils -- multiple
Description: Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1832 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. CVE-2011-1834 Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. CVE-2011-1835 Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. CVE-2011-1837 Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files. We acknowledge the work of the Ubuntu distribution in preparing patches suitable for near-direct inclusion in the Debian package.
Family: unix Class: patch
Reference(s): DSA-2382-1
CVE-2011-1831
CVE-2011-1832
CVE-2011-1834
CVE-2011-1835
CVE-2011-1837
CVE-2011-3145
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21842
 
Oval ID: oval:org.mitre.oval:def:21842
Title: RHSA-2011:1241: ecryptfs-utils security update (Moderate)
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Family: unix Class: patch
Reference(s): RHSA-2011:1241-01
CESA-2011:1241
CVE-2011-1831
CVE-2011-1832
CVE-2011-1834
CVE-2011-1835
CVE-2011-1837
CVE-2011-3145
Version: 52
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23378
 
Oval ID: oval:org.mitre.oval:def:23378
Title: DEPRECATED: ELSA-2011:1241: ecryptfs-utils security update (Moderate)
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Family: unix Class: patch
Reference(s): ELSA-2011:1241-01
CVE-2011-1831
CVE-2011-1832
CVE-2011-1834
CVE-2011-1835
CVE-2011-1837
CVE-2011-3145
Version: 30
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23427
 
Oval ID: oval:org.mitre.oval:def:23427
Title: ELSA-2011:1241: ecryptfs-utils security update (Moderate)
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Family: unix Class: patch
Reference(s): ELSA-2011:1241-01
CVE-2011-1831
CVE-2011-1832
CVE-2011-1834
CVE-2011-1835
CVE-2011-1837
CVE-2011-3145
Version: 29
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27939
 
Oval ID: oval:org.mitre.oval:def:27939
Title: DEPRECATED: ELSA-2011-1241 -- ecryptfs-utils security update (moderate)
Description: [82-6.3] - do not forget to set the group id in mount.ecryptfs_private [82-6.2] - fix regression in ecryptfs-setup-private [82-6.1] - security fixes: - privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832) - race condition when checking source during mount (CVE-2011-1833) - mtab corruption via improper handling (CVE-2011-1834) - key poisoning via insecure temp directory handling (CVE-2011-1835) - arbitrary file overwrite via lock counter race (CVE-2011-1837)
Family: unix Class: patch
Reference(s): ELSA-2011-1241
CVE-2011-1831
CVE-2011-1832
CVE-2011-1834
CVE-2011-1835
CVE-2011-1837
CVE-2011-3145
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): ecryptfs-utils
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 x86_64
File : nvt/gb_CESA-2011_1241_ecryptfs-utils-75-5.el5__centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:1386 centos5 x86_64
File : nvt/gb_CESA-2011_1386_kernel_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2011:1350-01
File : nvt/gb_RHSA-2011_1350-01_kernel.nasl
2012-03-19 Name : Fedora Update for ecryptfs-utils FEDORA-2011-11871
File : nvt/gb_fedora_2011_11871_ecryptfs-utils_fc16.nasl
2012-02-11 Name : Debian Security Advisory DSA 2382-1 (ecryptfs-utils)
File : nvt/deb_2382_1.nasl
2011-10-21 Name : CentOS Update for kernel CESA-2011:1386 centos5 i386
File : nvt/gb_CESA-2011_1386_kernel_centos5_i386.nasl
2011-10-21 Name : RedHat Update for kernel RHSA-2011:1386-01
File : nvt/gb_RHSA-2011_1386-01_kernel.nasl
2011-09-23 Name : CentOS Update for ecryptfs-utils-75-5.el5_ CESA-2011:1241 centos5 i386
File : nvt/gb_CESA-2011_1241_ecryptfs-utils-75-5.el5__centos5_i386.nasl
2011-09-16 Name : Fedora Update for ecryptfs-utils FEDORA-2011-11936
File : nvt/gb_fedora_2011_11936_ecryptfs-utils_fc15.nasl
2011-09-16 Name : Fedora Update for ecryptfs-utils FEDORA-2011-11979
File : nvt/gb_fedora_2011_11979_ecryptfs-utils_fc14.nasl
2011-09-07 Name : RedHat Update for ecryptfs-utils RHSA-2011:1241-01
File : nvt/gb_RHSA-2011_1241-01_ecryptfs-utils.nasl
2011-08-27 Name : Ubuntu Update for ecryptfs-utils USN-1196-1
File : nvt/gb_ubuntu_USN_1196_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74869 ecryptfs-utils mtab Permission Manipulation Arbitrary Location Unmount DoS

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_ecryptfs-utils-111214.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_ecryptfs-utils-111214.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1350.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1241.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ecryptfs-utils-120420.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110831_ecryptfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2382.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2011-10-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1350.nasl - Type : ACT_GATHER_INFO
2011-10-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11871.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1241.nasl - Type : ACT_GATHER_INFO
2011-09-15 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11979.nasl - Type : ACT_GATHER_INFO
2011-09-15 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11936.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1241.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1196-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
MISC http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:15:19
  • Multiple Updates
2021-04-22 01:16:53
  • Multiple Updates
2020-05-23 00:30:56
  • Multiple Updates
2019-10-10 05:19:27
  • Multiple Updates
2019-04-29 21:19:19
  • Multiple Updates
2019-04-22 21:19:05
  • First insertion