Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCanonicalCVE-2011-1835
HistoryFeb 15, 2014 - 2:57 p.m.

CVE-2011-1835

2014-02-1514:57:06
CWE-255
canonical
web.nvd.nist.gov
43
ecryptfs-utils
encrypted private-directory
access restrictions
vulnerability
local users
passphrase file
nvd

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

Affected configurations

Nvd
Node
ecryptfsecryptfs-utilsRange89
OR
ecryptfsecryptfs-utilsMatch62
OR
ecryptfsecryptfs-utilsMatch63
OR
ecryptfsecryptfs-utilsMatch64
OR
ecryptfsecryptfs-utilsMatch65
OR
ecryptfsecryptfs-utilsMatch66
OR
ecryptfsecryptfs-utilsMatch67
OR
ecryptfsecryptfs-utilsMatch68
OR
ecryptfsecryptfs-utilsMatch69
OR
ecryptfsecryptfs-utilsMatch70
OR
ecryptfsecryptfs-utilsMatch71
OR
ecryptfsecryptfs-utilsMatch72
OR
ecryptfsecryptfs-utilsMatch73
OR
ecryptfsecryptfs-utilsMatch74
OR
ecryptfsecryptfs-utilsMatch75
OR
ecryptfsecryptfs-utilsMatch76
OR
ecryptfsecryptfs-utilsMatch77
OR
ecryptfsecryptfs-utilsMatch78
OR
ecryptfsecryptfs-utilsMatch79
OR
ecryptfsecryptfs-utilsMatch80
OR
ecryptfsecryptfs-utilsMatch81
OR
ecryptfsecryptfs-utilsMatch82
OR
ecryptfsecryptfs-utilsMatch83
OR
ecryptfsecryptfs-utilsMatch84
OR
ecryptfsecryptfs-utilsMatch85
OR
ecryptfsecryptfs-utilsMatch86
OR
ecryptfsecryptfs-utilsMatch87
OR
ecryptfsecryptfs_utilsMatch58
OR
ecryptfsecryptfs_utilsMatch59
OR
ecryptfsecryptfs_utilsMatch60
OR
ecryptfsecryptfs_utilsMatch61
VendorProductVersionCPE
ecryptfsecryptfs-utils67cpe:/a:ecryptfs:ecryptfs-utils:67:::
ecryptfsecryptfs-utils80cpe:/a:ecryptfs:ecryptfs-utils:80:::
ecryptfsecryptfs-utils85cpe:/a:ecryptfs:ecryptfs-utils:85:::
ecryptfsecryptfs_utils58cpe:/a:ecryptfs:ecryptfs_utils:58:::
ecryptfsecryptfs-utils83cpe:/a:ecryptfs:ecryptfs-utils:83:::
ecryptfsecryptfs-utils84cpe:/a:ecryptfs:ecryptfs-utils:84:::
ecryptfsecryptfs-utils62cpe:/a:ecryptfs:ecryptfs-utils:62:::
ecryptfsecryptfs-utils63cpe:/a:ecryptfs:ecryptfs-utils:63:::
ecryptfsecryptfs-utils87cpe:/a:ecryptfs:ecryptfs-utils:87:::
ecryptfsecryptfs-utils71cpe:/a:ecryptfs:ecryptfs-utils:71:::
Rows per page:
1-10 of 311

Related

prion 1
nvd 1
debiancve 1
ubuntucve 1
veracode 1
cvelist 1
osv 1
openvas 21
nessus 12
suse 2
debian 1
fedora 5
oraclelinux 1
securityvulns 2
centos 1
redhat 1
ubuntu 1
prion
prion
Design/Logic Flaw
2014-02-15 14:57:00
nvd
nvd
CVE-2011-1835
2014-02-15 14:57:06
debiancve
debiancve
CVE-2011-1835
2014-02-15 14:57:06
ubuntucve
ubuntucve
CVE-2011-1835
2011-08-09 00:00:00
veracode
veracode
Access Control Bypass
2020-04-10 01:02:46
cvelist
cvelist
CVE-2011-1835
2014-02-15 11:00:00
osv
osv
ecryptfs-utils - multiple
2012-01-07 00:00:00
openvas
openvas
Debian Security Advisory DSA 2382-1 (ecryptfs-utils)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2382-1)
2012-02-11 00:00:00
Fedora Update for ecryptfs-utils FEDORA-2011-10718
2011-09-07 00:00:00
nessus
nessus
RHEL 5 / 6 : ecryptfs-utils (RHSA-2011:1241)
2011-09-01 00:00:00
openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2011:0902-1)
2014-06-13 00:00:00
openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2011:0902-1)
2014-06-13 00:00:00
suse
suse
ecryptfs-utils: Update to fix various symlink race attacks (important)
2011-08-12 21:08:14
Security update for ecryptfs-utils (important)
2011-08-12 06:08:16
debian
debian
[SECURITY] [DSA 2382-1] ecryptfs-utils security update
2012-01-07 18:48:38
fedora
fedora
[SECURITY] Fedora 15 Update: ecryptfs-utils-90-1.fc15
2011-09-02 05:25:53
[SECURITY] Fedora 15 Update: ecryptfs-utils-90-2.fc15
2011-09-14 22:33:52
[SECURITY] Fedora 14 Update: ecryptfs-utils-90-1.fc14
2011-09-02 05:31:16
oraclelinux
oraclelinux
ecryptfs-utils security update
2011-08-31 00:00:00
securityvulns
securityvulns
[USN-1188-1] eCryptfs vulnerabilities
2011-08-11 00:00:00
eCryptfs multiple security vulnerabilities
2011-08-24 00:00:00
centos
centos
ecryptfs security update
2011-09-01 16:11:04
redhat
redhat
(RHSA-2011:1241) Moderate: ecryptfs-utils security update
2011-08-31 00:00:00
ubuntu
ubuntu
eCryptfs vulnerabilities
2011-08-09 00:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2011-1835
prion1nvd1debiancve1ubuntucve1veracode1cvelist1osv1openvas21nessus12suse2debian1fedora5oraclelinux1securityvulns2centos1redhat1ubuntu1