Vulnerability Details : CVE-2011-1835
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Exploit prediction scoring system (EPSS) score for CVE-2011-1835
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1835
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
CWE ids for CVE-2011-1835
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1835
-
https://bugzilla.redhat.com/show_bug.cgi?id=729465
729465 – (CVE-2011-1831, CVE-2011-1832, CVE-2011-1834, CVE-2011-1835, CVE-2011-1837) CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbiVendor Advisory
-
http://www.ubuntu.com/usn/USN-1188-1
USN-1188-1: eCryptfs vulnerabilities | Ubuntu security notices
-
https://launchpad.net/ecryptfs/+download
eCryptfs project files : eCryptfs
-
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
[security-announce] SUSE-SU-2011:0898-1: important: Security update for
Products affected by CVE-2011-1835
- cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:66:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:67:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:74:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:75:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:76:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:83:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:84:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:62:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:63:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:70:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:71:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:79:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:80:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:87:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:68:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:69:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:77:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:78:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:85:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:86:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:64:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:65:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:72:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:73:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:81:*:*:*:*:*:*:*
- cpe:2.3:a:ecryptfs:ecryptfs-utils:82:*:*:*:*:*:*:*