CVE-2011-1836

EUVD-2011-1834
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
ecryptfsecryptfs-utils
𝑥
≤ 89
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ecryptfs-utils
bookworm
111-6
fixed
bullseye
111-5
fixed
lenny
not-affected
sid
111-7
fixed
squeeze
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ecryptfs-utils
hardy
not-affected
lucid
not-affected
maverick
not-affected
natty
Fixed 87-0ubuntu1.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=729465
https://launchpad.net/ecryptfs/+download
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=729465
https://launchpad.net/ecryptfs/+download