MidnightBSD

Advisories for ecryptfs

CVE-2008-5188 HIGH

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
ecryptfs ecryptfs_utils 46
ecryptfs ecryptfs_utils 48
ecryptfs ecryptfs_utils 60
ecryptfs ecryptfs_utils 47
ecryptfs ecryptfs_utils 49
ecryptfs ecryptfs_utils 56
ecryptfs ecryptfs_utils 45
ecryptfs ecryptfs_utils 57
ecryptfs ecryptfs_utils 50
ecryptfs ecryptfs_utils 58
ecryptfs ecryptfs_utils 51
ecryptfs ecryptfs_utils 53
ecryptfs ecryptfs_utils 55
ecryptfs ecryptfs_utils 61
ecryptfs ecryptfs_utils 54
ecryptfs ecryptfs_utils 59
CVE-2014-9687 MEDIUM

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
ecryptfs ecryptfs-utils *
CVE-2015-8946 LOW

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
ecryptfs ecryptfs-utils *
canonical ubuntu_linux 16.04
CVE-2016-1572 MEDIUM

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
ecryptfs ecryptfs-utils *
debian debian_linux 8.0
opensuse opensuse 13.2
canonical ubuntu_linux 12.04
opensuse opensuse 13.1
canonical ubuntu_linux 15.04
fedoraproject fedora 23
opensuse leap 42.1
canonical ubuntu_linux 15.10
fedoraproject fedora 22
debian debian_linux 7.0
canonical ubuntu_linux 14.04
CVE-2016-6224 LOW

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
ecryptfs ecryptfs-utils *
canonical ubuntu_linux 14.04