Rapid7 Vulnerability & Exploit Database

RHSA-2011:1241: ecryptfs-utils security update

Back to Search

RHSA-2011:1241: ecryptfs-utils security update



eCryptfs is a stacked, cryptographic file system. It is transparent to theunderlying file system and provides per-file granularity. eCryptfs isreleased as a Technology Preview for Red Hat Enterprise Linux 5 and 6.The setuid mount.ecryptfs_private utility allows users to mount an eCryptfsfile system. This utility can only be run by users in the "ecryptfs" group.A race condition flaw was found in the way mount.ecryptfs_private checkedthe permissions of a requested mount point when mounting an encrypted filesystem. A local attacker could possibly use this flaw to escalate theirprivileges by mounting over an arbitrary directory. (CVE-2011-1831)A race condition flaw in umount.ecryptfs_private could allow a localattacker to unmount an arbitrary file system. (CVE-2011-1832)It was found that mount.ecryptfs_private did not handle certain errorscorrectly when updating the mtab (mounted file systems table) file,allowing a local attacker to corrupt the mtab file and possibly unmount anarbitrary file system. (CVE-2011-1834)An insecure temporary file use flaw was found in the ecryptfs-setup-privatescript. A local attacker could use this script to insert their own key thatwill subsequently be used by a new user, possibly giving the attackeraccess to the user's encrypted data if existing file permissions allowaccess. (CVE-2011-1835)A race condition flaw in mount.ecryptfs_private could allow a localattacker to overwrite arbitrary files. (CVE-2011-1837)A race condition flaw in the way temporary files were accessed inmount.ecryptfs_private could allow a malicious, local user to makearbitrary modifications to the mtab file. (CVE-2011-3145)A race condition flaw was found in the way mount.ecryptfs_private checkedthe permissions of the directory to mount. A local attacker could use thisflaw to mount (and then access) a directory they would otherwise not haveaccess to. Note: The fix for this issue is incomplete until a kernel-spacechange is made. Future Red Hat Enterprise Linux 5 and 6 kernel updateswill correct this issue. (CVE-2011-1833)Red Hat would like to thank the Ubuntu Security Team for reporting theseissues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwalland Dan Rosenberg as the original reporters of CVE-2011-1831,CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as theoriginal reporters of CVE-2011-1834; Marc Deslauriers as the originalreporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the originalreporter of CVE-2011-1837.Users of ecryptfs-utils are advised to upgrade to these updated packages,which contain backported patches to correct these issues.


  • redhat-upgrade-ecryptfs-utils
  • redhat-upgrade-ecryptfs-utils-debuginfo
  • redhat-upgrade-ecryptfs-utils-devel
  • redhat-upgrade-ecryptfs-utils-gui
  • redhat-upgrade-ecryptfs-utils-python

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center