Launchpad.net

CVE 2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.

Related bugs and status

CVE-2011-1836 (Candidate) is related to these bugs:

Bug #732628: TOCTOU in mount.ecryptfs_private

		In	Importance	Status
732628	TOCTOU in mount.ecryptfs_private	eCryptfs	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu)	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	Fedora	Undecided	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Debian)	Undecided	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu Lucid)	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu Maverick)	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu Oneiric)	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu Natty)	High	Fix Released
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu Lucid)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu Maverick)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu Natty)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu Oneiric)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	ecryptfs-utils (Ubuntu Hardy)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-source-2.6.15 (Ubuntu Hardy)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu Hardy)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu Lucid)	Low	Fix Released
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu Maverick)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu Natty)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ec2 (Ubuntu Oneiric)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu Hardy)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu Lucid)	Low	Fix Released
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu Maverick)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu Natty)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-lts-backport-natty (Ubuntu Oneiric)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu Hardy)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu Lucid)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu Maverick)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu Natty)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-qcm-msm (Ubuntu Oneiric)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu Hardy)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu Lucid)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu Maverick)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu Natty)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-linaro (Ubuntu Oneiric)	Undecided	Won't Fix
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu Hardy)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu Lucid)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu Maverick)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu Natty)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-ti-omap (Ubuntu Oneiric)	Undecided	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-mvl-dove (Ubuntu)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-mvl-dove (Ubuntu Hardy)	Low	Invalid
732628	TOCTOU in mount.ecryptfs_private	linux-mvl-dove (Ubuntu Lucid)	Low	Fix Released
732628	TOCTOU in mount.ecryptfs_private	linux-mvl-dove (Ubuntu Maverick)	Low	Fix Released
732628	TOCTOU in mount.ecryptfs_private	linux-mvl-dove (Ubuntu Natty)	Low	Invalid

Bug #824961: Ubuntu 11.04 Server with encrypted LVM on dm RAID0 -- Incorrect metadata area header checksum - No volume groups found - ALERT! /dev/mapper/MachineName-root does not exist

Summary				In	Importance	Status
	824961	Ubuntu 11.04 Server with encrypted LVM on dm RAID0 -- Incorrect metadata area header checksum - No volume groups found - ALERT! /dev/mapper/MachineName-root does not exist		cryptsetup (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1836

Related bugs and status

Related bugs

References