CVE-2014-9687

EUVD-2014-9495
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
ecryptfsecryptfs-utils
𝑥
≤ 104
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ecryptfs-utils
bookworm
111-6
fixed
bullseye
111-5
fixed
sid
111-7
fixed
squeeze
no-dsa
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ecryptfs-utils
lucid
Fixed 83-0ubuntu3.2.10.04.6
released
precise
Fixed 96-0ubuntu3.4
released
trusty
Fixed 104-0ubuntu1.14.04.3
released
utopic
Fixed 104-0ubuntu1.14.10.3
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550
http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
http://www.openwall.com/lists/oss-security/2015/02/10/16
http://www.openwall.com/lists/oss-security/2015/02/17/7
http://www.openwall.com/lists/oss-security/2015/02/28/3
http://www.ubuntu.com/usn/USN-2524-1
https://bugs.launchpad.net/ecryptfs/+bug/906550