Your submission was sent successfully! Close

CVE-2016-1572

Published: 20 January 2016

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

Priority

Medium

CVSS 3 base score: 8.4

Status

Package Release Status
ecryptfs-utils
Launchpad, Ubuntu, Debian
precise
Released (96-0ubuntu3.5)
trusty
Released (104-0ubuntu1.14.04.4)
upstream
Released (109)
vivid
Released (107-0ubuntu1.3)
wily
Released (108-0ubuntu1.1)
Patches:
upstream: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870