CVE-2016-1572

Published: 20 January 2016

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

Priority

Medium

CVSS 3 base score: 8.4

Status

Package: ecryptfs-utils (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| Upstream | Released (109) |
| Ubuntu 16.04 LTS (Xenial Xerus) | Released (109-0ubuntu1) |
| Ubuntu 14.04 ESM (Trusty Tahr) | Released (104-0ubuntu1.14.04.4) |

Patches:

Upstream: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
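
The class of check whose absence the description above reports, as an added example (not code from eCryptfs-utils or from the upstream patch): a privileged mount helper reads the destination's filesystem type with `statfs(2)` and fails closed unless it is on an allowlist. The function names and the allowlist contents are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/vfs.h>

/* Filesystem magic numbers, values as defined in linux/magic.h. */
#define FS_EXT234 0xEF53UL
#define FS_BTRFS  0x9123683EUL
#define FS_XFS    0x58465342UL

/* Assumed allowlist: ordinary on-disk filesystems a home directory lives on.
 * Pseudo-filesystems such as procfs are absent by construction. */
static const unsigned long allowed_fs[] = { FS_EXT234, FS_BTRFS, FS_XFS };

/* Returns 1 if the filesystem type is on the allowlist, 0 otherwise. */
static int fs_type_allowed(unsigned long f_type)
{
    for (size_t i = 0; i < sizeof(allowed_fs) / sizeof(allowed_fs[0]); i++)
        if (allowed_fs[i] == f_type)
            return 1;
    return 0;
}

/* Returns 0 if dest may be used as a mount destination, -1 otherwise.
 * Any error while querying the destination counts as a refusal. */
static int check_mount_destination(const char *dest)
{
    struct statfs st;

    if (statfs(dest, &st) != 0) {
        perror("statfs");
        return -1;
    }
    if (!fs_type_allowed((unsigned long)st.f_type)) {
        fprintf(stderr, "refusing %s: filesystem type 0x%lx not allowed\n",
                dest, (unsigned long)st.f_type);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* /proc is the destination named in the advisory; it must be refused. */
    return check_mount_destination("/proc") == -1 ? 0 : 1;
}
```

The check is path-based, so a caller must also ensure the path cannot be swapped between the check and the mount.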