PT-2014-9106 · Canonical · Ecryptfs-Utils

Marc Deslauriers · Published 1970-01-01 · Updated 2024-06-15 · CVE-2011-1836

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ecryptfs-utils versions prior to 90

Description

The issue concerns multiple vulnerabilities in the ecryptfs-utils package that can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. The utils/ecryptfs-recover-private component in ecryptfs-utils does not establish a subdirectory with safe permissions, potentially allowing local users to bypass intended access restrictions via standard filesystem operations during the recovery process.

Recommendations

For versions prior to 90, update to version 90 or later to resolve the issue. As a temporary workaround, consider restricting access to ecryptfs-recover-private to minimize the risk of exploitation. Additionally, ensure that safe permissions are established for subdirectories during the recovery process so that intended access restrictions cannot be bypassed.
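
One way to apply the "safe permissions" recommendation when a directory has to be created for recovered data, shown as an added example that is not code from ecryptfs-utils. The function names `make_private_dir` and `is_private_dir`, the `recover.` prefix and the use of GNU `stat` on Linux are assumptions.

```shell
#!/bin/sh
# Added example (not ecryptfs-utils code): create a recovery directory that
# only the invoking user can enter, and verify it before using it.
# make_private_dir, is_private_dir and the "recover." prefix are hypothetical.

# Create a uniquely named directory under $1 with mode 0700 and print its path.
make_private_dir() {
    base=${1:-/tmp}
    old_umask=$(umask)
    umask 077                 # nothing created here gets group/other bits
    dir=$(mktemp -d "$base/recover.XXXXXXXX")
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with no permission bits set for group or other.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, e.g. "700"
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Demo: create a directory, verify it, then clean up.
d=$(make_private_dir "${TMPDIR:-/tmp}") && is_private_dir "$d" && echo "private: $d"
[ -n "$d" ] && rmdir "$d"
```

Running `is_private_dir` on an existing recovery directory is also a quick audit on hosts that cannot be updated immediately.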

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-04437
BDU:2015-04438
BDU:2015-04439
CVE-2011-1836
OPENSUSE-SU-2024:10118-1

Affected Products

Ecryptfs-Utils