Lucene search

CanonicalCVELIST:CVE-2016-1572

HistoryJan 22, 2016 - 3:00 p.m.

CVE-2016-1572

2016-01-2215:00:00

canonical

www.cve.org

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

References

lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html

lists.opensuse.org/opensuse-updates/2016-01/msg00091.html

lists.opensuse.org/opensuse-updates/2016-01/msg00118.html

lists.opensuse.org/opensuse-updates/2016-02/msg00004.html

www.debian.org/security/2016/dsa-3450

www.openwall.com/lists/oss-security/2016/01/20/6

www.securitytracker.com/id/1034791

www.ubuntu.com/usn/USN-2876-1

bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870

bugs.launchpad.net/ecryptfs/+bug/1530566