Ecryptfs : Security Vulnerabilities, CVEs, CVSS score >= 4
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Max CVSS: 8.4 | EPSS Score: 0.14% | Published: 2016-01-22 | Updated: 2022-03-23
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
Max CVSS: 5.0 | EPSS Score: 0.32% | Published: 2015-03-16 | Updated: 2016-12-06
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2019-12-20 | Updated: 2020-01-03
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2014-02-15 | Updated: 2014-03-08
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2014-02-15 | Updated: 2014-03-08
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2014-02-15 | Updated: 2014-03-08
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2008-11-21 | Updated: 2017-09-29
7 vulnerabilities found