CVE-2011-1835

Published: 9 August 2011

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

Priority

Status

Package	Release	Status
ecryptfs-utils Launchpad, Ubuntu, Debian	upstream	Needs triage
	hardy	Not vulnerable (code not present)
	lucid	Released (83-0ubuntu3.2.10.04.1)
	maverick	Released (83-0ubuntu3.2.10.10.1)
	natty	Released (87-0ubuntu1.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1835
https://ubuntu.com/security/notices/USN-1188-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/732628

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›