Free vulnerability management software

Mageni is a free, open-source, and powerful vulnerability management platform that takes the pain out of cybersecurity and vulnerability management.

Download Now
App screenshot

Debian Security Advisory DSA 2382-1 (ecryptfs-utils)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

7 months ago

Summary

The remote host is missing an update to ecryptfs-utils announced via advisory DSA 2382-1.

Insight

Insight

Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1832 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. CVE-2011-1834 Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. CVE-2011-1835 Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. CVE-2011-1837 Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files. We acknowledge the work of the Ubuntu distribution in preparing patches suitable for near-direct inclusion in the Debian package. For the oldstable distribution (lenny), these problems have been fixed in version 68-1+lenny1. For the stable distribution (squeeze), these problems have been fixed in version 83-4+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 95-1.

Solution

Solution

We recommend that you upgrade your ecryptfs-utils packages.

Ease with a few clicks your vulnerability scanning, assessment and management process

Mageni is a free and open-source vulnerability management software. Download it now.

1. Download Multipass

sudo snap install multipass

2. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni

3. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash

1. If you don’t have it already, install Brew. Then, to install Multipass simply execute:

brew install --cask multipass

2. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni

2. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash

1. Download the installer for Windows

Note: You need Windows 10 Pro/Enterprise/Education v 1803 or later, or any Windows 10 with VirtualBox

2. Ensure your network is private

Make sure your local network is designated as private, otherwise Windows prevents Multipass from starting.

3. Run the installer

You need to allow the installer to gain Administrator privileges.

4. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04

5. Log into the multipass instance

multipass shell mageni

6. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash