CVE 2009-1296
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
Related bugs and status
CVE-2009-1296 (Candidate) is related to these bugs:
Bug #358573: ecryptfs private directory randomly unmounts
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 358573 | ecryptfs private directory randomly unmounts | ecryptfs-utils (Ubuntu) | High | Fix Released | ||
| 358573 | ecryptfs private directory randomly unmounts | eCryptfs | High | Fix Released | ||
Bug #371587: mount.ecryptfs takes up enormous amounts of memory when mounting
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 371587 | mount.ecryptfs takes up enormous amounts of memory when mounting | ecryptfs-utils (Ubuntu) | Medium | Fix Released | ||
| 371587 | mount.ecryptfs takes up enormous amounts of memory when mounting | eCryptfs | Medium | Fix Released | ||
Bug #376486: vol_id is superseded by blkid
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 376486 | vol_id is superseded by blkid | ecryptfs-utils (Ubuntu) | Medium | Fix Released | ||
| 376486 | vol_id is superseded by blkid | eCryptfs | Medium | Fix Released | ||
Bug #383650: leakage in the installer
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 383650 | leakage in the installer | ecryptfs-utils (Ubuntu) | Critical | Fix Released | ||
| 383650 | leakage in the installer | ecryptfs-utils (Ubuntu Jaunty) | Critical | Fix Released | ||
Bug #395082: No sudo access after installing of Ubuntu amd64 from July 2 daily.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 395082 | No sudo access after installing of Ubuntu amd64 from July 2 daily. | user-setup (Ubuntu) | Undecided | Fix Released | ||
| 395082 | No sudo access after installing of Ubuntu amd64 from July 2 daily. | ecryptfs-utils (Ubuntu) | High | Fix Released | ||
Bug #400484: unable to show the contents of my kernel keyring
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 400484 | unable to show the contents of my kernel keyring | linux (Ubuntu) | High | Won't Fix | ||
| 400484 | unable to show the contents of my kernel keyring | ecryptfs-utils (Ubuntu) | High | Fix Released | ||
| 400484 | unable to show the contents of my kernel keyring | keyutils (Ubuntu) | High | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
