CVE-2011-3145

Name of the Vulnerable Software and Affected Versions ecryptfs-utils-devel versions 75 through 82 ecryptfs-utils versions 75 through 82 ecryptfs-utils-gui versions 75 ecryptfs-utils-debuginfo versions 82

Description The issue concerns multiple vulnerabilities in the ecryptfs-utils package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. According to the NVD, when mount.ecryptfs private before version 87-0ubuntu1.2 calls setreuid(), it doesn't also set the effective group id, resulting in the creation of mtab.tmp with the group id of the user running mount.ecryptfs private.

Recommendations For ecryptfs-utils-devel versions 75 through 82, update to a version newer than 82. For ecryptfs-utils versions 75 through 82, update to a version newer than 82. For ecryptfs-utils-gui version 75, update to a version newer than 75. For ecryptfs-utils-debuginfo version 82, update to a version newer than 82. As a temporary workaround, consider restricting access to the vulnerable mount.ecryptfs private function until a patch is available.