CVE-2011-1836

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-1836 at MITRE

Description

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
CVSS v2 Scores
  National Vulnerability Database
Base Score 4.64
Vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entries: 709771 [RESOLVED / FIXED], 711539 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • ecryptfs-utils >= 61-1.29.1
sles11-sp1.ia64
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp1.x86
sles11-sp1.x86-64
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp1.s390x
SAT Patch Nr: 4956
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • ecryptfs-utils >= 61-1.29.1
  • ecryptfs-utils-32bit >= 61-1.29.1
sles11-sp1.ia64
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp1.x86
sles11-sp1.x86-64
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp1.s390x
SAT Patch Nr: 4956
SUSE Linux Enterprise Server 11 SP1
  • ecryptfs-utils >= 61-1.29.1
  • ecryptfs-utils-x86 >= 61-1.29.1
sles11-sp1.ia64
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp1.x86
sles11-sp1.x86-64
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp1.s390x
SAT Patch Nr: 4956