Your submission was sent successfully! Close

CVE-2011-1833

Published: 09 August 2011

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

From the Ubuntu security team

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service.

Priority

Low

Status

Package Release Status
ecryptfs-utils
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
Patches:
Introduced by 237fead619984cc48818fe12ee0ceada3f55b012
Fixed by 764355487ea220fdc2faf128d577d7f679b91f97
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)