CVE-2014-9687

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
ecryptfsecryptfs-utils
𝑥
≤ 104
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ecryptfs-utils
bookworm
111-6
fixed
bullseye
111-5
fixed
sid
111-7
fixed
squeeze
no-dsa
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ecryptfs-utils
lucid
Fixed 83-0ubuntu3.2.10.04.6
released
precise
Fixed 96-0ubuntu3.4
released
trusty
Fixed 104-0ubuntu1.14.04.3
released
utopic
Fixed 104-0ubuntu1.14.10.3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ecryptfs-utils-103
suse enterprise sap 12
7.1
fixed
suse enterprise sap 12 SP1
7.1
fixed
suse enterprise sap 12 SP5
8.3.1
fixed
suse enterprise server 12
7.1
fixed
suse enterprise server 12 SP1
7.1
fixed
suse enterprise server 12 SP2
7.1
fixed
suse enterprise server 12 SP3
7.1
fixed
suse enterprise server 12 SP4
8.3.1
fixed
suse enterprise server 12 SP5
8.3.1
fixed
ecryptfs-utils-111
suse enterprise desktop 15
2.31
fixed
suse enterprise desktop 15 SP1
2.31
fixed
suse enterprise desktop 15 SP2
2.31
fixed
suse enterprise desktop 15 SP3
2.31
fixed
suse enterprise desktop 15 SP4
2.31
fixed
suse enterprise desktop 15 SP5
2.31
fixed
suse enterprise desktop 15 SP6
150600.16.3
fixed
suse enterprise desktop 15 SP7
150600.16.3
fixed
suse enterprise sap 15
2.31
fixed
suse enterprise sap 15 SP1
2.31
fixed
suse enterprise sap 15 SP2
2.31
fixed
suse enterprise sap 15 SP3
2.31
fixed
suse enterprise sap 15 SP4
2.31
fixed
suse enterprise sap 15 SP5
2.31
fixed
suse enterprise sap 15 SP6
150600.16.3
fixed
suse enterprise sap 15 SP7
150600.16.3
fixed
suse enterprise server 15
2.31
fixed
suse enterprise server 15 SP1
2.31
fixed
suse enterprise server 15 SP2
2.31
fixed
suse enterprise server 15 SP3
2.31
fixed
suse enterprise server 15 SP4
2.31
fixed
suse enterprise server 15 SP5
2.31
fixed
suse enterprise server 15 SP6
150600.16.3
fixed
suse enterprise server 15 SP7
150600.16.3
fixed
ecryptfs-utils-32bit-103
suse enterprise sap 12
7.1
fixed
suse enterprise sap 12 SP1
7.1
fixed
suse enterprise sap 12 SP5
8.3.1
fixed
suse enterprise server 12
7.1
fixed
suse enterprise server 12 SP1
7.1
fixed
suse enterprise server 12 SP2
7.1
fixed
suse enterprise server 12 SP3
7.1
fixed
suse enterprise server 12 SP4
8.3.1
fixed
suse enterprise server 12 SP5
8.3.1
fixed
ecryptfs-utils-devel-111
suse enterprise desktop 15
2.31
fixed
suse enterprise desktop 15 SP1
2.31
fixed
suse enterprise desktop 15 SP2
2.31
fixed
suse enterprise desktop 15 SP3
2.31
fixed
suse enterprise desktop 15 SP4
2.31
fixed
suse enterprise desktop 15 SP5
2.31
fixed
suse enterprise desktop 15 SP6
150600.16.3
fixed
suse enterprise desktop 15 SP7
150600.16.3
fixed
suse enterprise sap 15
2.31
fixed
suse enterprise sap 15 SP1
2.31
fixed
suse enterprise sap 15 SP2
2.31
fixed
suse enterprise sap 15 SP3
2.31
fixed
suse enterprise sap 15 SP4
2.31
fixed
suse enterprise sap 15 SP5
2.31
fixed
suse enterprise sap 15 SP6
150600.16.3
fixed
suse enterprise sap 15 SP7
150600.16.3
fixed
suse enterprise server 15
2.31
fixed
suse enterprise server 15 SP1
2.31
fixed
suse enterprise server 15 SP2
2.31
fixed
suse enterprise server 15 SP3
2.31
fixed
suse enterprise server 15 SP4
2.31
fixed
suse enterprise server 15 SP5
2.31
fixed
suse enterprise server 15 SP6
150600.16.3
fixed
suse enterprise server 15 SP7
150600.16.3
fixed
libecryptfs1-111
suse enterprise desktop 15
2.31
fixed
suse enterprise desktop 15 SP1
2.31
fixed
suse enterprise desktop 15 SP2
2.31
fixed
suse enterprise desktop 15 SP3
2.31
fixed
suse enterprise desktop 15 SP4
2.31
fixed
suse enterprise desktop 15 SP5
2.31
fixed
suse enterprise desktop 15 SP6
150600.16.3
fixed
suse enterprise desktop 15 SP7
150600.16.3
fixed
suse enterprise sap 15
2.31
fixed
suse enterprise sap 15 SP1
2.31
fixed
suse enterprise sap 15 SP2
2.31
fixed
suse enterprise sap 15 SP3
2.31
fixed
suse enterprise sap 15 SP4
2.31
fixed
suse enterprise sap 15 SP5
2.31
fixed
suse enterprise sap 15 SP6
150600.16.3
fixed
suse enterprise sap 15 SP7
150600.16.3
fixed
suse enterprise server 15
2.31
fixed
suse enterprise server 15 SP1
2.31
fixed
suse enterprise server 15 SP2
2.31
fixed
suse enterprise server 15 SP3
2.31
fixed
suse enterprise server 15 SP4
2.31
fixed
suse enterprise server 15 SP5
2.31
fixed
suse enterprise server 15 SP6
150600.16.3
fixed
suse enterprise server 15 SP7
150600.16.3
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550