mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Max CVSS
8.4
EPSS Score
0.14%
Published
2016-01-22
Updated
2022-03-23
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
Max CVSS
5.0
EPSS Score
0.32%
Published
2015-03-16
Updated
2016-12-06
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-12-20
Updated
2020-01-03
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-15
Updated
2014-03-08
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-02-15
Updated
2014-03-08
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-15
Updated
2014-03-08
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-11-21
Updated
2017-09-29
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!