CVE-2014-9687

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
ecryptfsecryptfs-utils
𝑥
≤ 104
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ecryptfs-utils
bullseye
111-5
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
111-6
fixed
sid
111-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ecryptfs-utils
utopic
Fixed 104-0ubuntu1.14.10.3
released
trusty
Fixed 104-0ubuntu1.14.04.3
released
precise
Fixed 96-0ubuntu3.4
released
lucid
Fixed 83-0ubuntu3.2.10.04.6
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550