Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2011-1836

Published: Feb 15, 2014 | Modified: Mar 08, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2011-1836
CWEhttps://cwe.mitre.org/data/definitions/264.html

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.

Affected Software

Name Vendor Start Version End Version
Ecryptfs-utils Ecryptfs * 89 (including)
Ecryptfs-utils Ecryptfs 62 (including) 62 (including)
Ecryptfs-utils Ecryptfs 63 (including) 63 (including)
Ecryptfs-utils Ecryptfs 64 (including) 64 (including)
Ecryptfs-utils Ecryptfs 65 (including) 65 (including)
Ecryptfs-utils Ecryptfs 66 (including) 66 (including)
Ecryptfs-utils Ecryptfs 67 (including) 67 (including)
Ecryptfs-utils Ecryptfs 68 (including) 68 (including)
Ecryptfs-utils Ecryptfs 69 (including) 69 (including)
Ecryptfs-utils Ecryptfs 70 (including) 70 (including)
Ecryptfs-utils Ecryptfs 71 (including) 71 (including)
Ecryptfs-utils Ecryptfs 72 (including) 72 (including)
Ecryptfs-utils Ecryptfs 73 (including) 73 (including)
Ecryptfs-utils Ecryptfs 74 (including) 74 (including)
Ecryptfs-utils Ecryptfs 75 (including) 75 (including)
Ecryptfs-utils Ecryptfs 76 (including) 76 (including)
Ecryptfs-utils Ecryptfs 77 (including) 77 (including)
Ecryptfs-utils Ecryptfs 78 (including) 78 (including)
Ecryptfs-utils Ecryptfs 79 (including) 79 (including)
Ecryptfs-utils Ecryptfs 80 (including) 80 (including)
Ecryptfs-utils Ecryptfs 81 (including) 81 (including)
Ecryptfs-utils Ecryptfs 82 (including) 82 (including)
Ecryptfs-utils Ecryptfs 83 (including) 83 (including)
Ecryptfs-utils Ecryptfs 84 (including) 84 (including)
Ecryptfs-utils Ecryptfs 85 (including) 85 (including)
Ecryptfs-utils Ecryptfs 86 (including) 86 (including)
Ecryptfs-utils Ecryptfs 87 (including) 87 (including)
Ecryptfs_utils Ecryptfs 58 (including) 58 (including)
Ecryptfs_utils Ecryptfs 59 (including) 59 (including)
Ecryptfs_utils Ecryptfs 60 (including) 60 (including)
Ecryptfs_utils Ecryptfs 61 (including) 61 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use