CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
ecryptfsecryptfs-utils
𝑥
≤ 89
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ecryptfs-utils
bullseye
111-5
fixed
squeeze
not-affected
lenny
not-affected
bookworm
111-6
fixed
sid
111-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ecryptfs-utils
natty
Fixed 87-0ubuntu1.1
released
maverick
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=729465
https://launchpad.net/ecryptfs/+download
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=729465
https://launchpad.net/ecryptfs/+download