we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability note CVE-2012-3409

ecryptfs-utils: privilege elevation via suid/dev

Synthesis of the vulnerability

When the /sbin/mount.ecryptfs_private program is installed suid root, a local attacker can mount an USB device containing a suid root program, in order to gain privileges of the administrator.
Impacted products: Fedora, Unix (platform).
Severity: 2/4.
Creation date: 24/07/2012.
Identifiers: 740110, BID-54634, CVE-2012-3409, FEDORA-2012-11049, FEDORA-2012-11069, VIGILANCE-VUL-11789.

Description of the vulnerability

The ecryptfs-utils suite implements tools for encrypted Linux filesystems.

The /sbin/mount.ecryptfs_private program is often installed root, so that users can encrypt their data. However, the encrypted partition is mounted without the options MS_NODEV nor MS_NOSUID. A program suid root located on the partition thus keeps its privileges.

When the /sbin/mount.ecryptfs_private program is installed suid root, a local attacker can therefore mount an USB device containing a suid root program, in order to gain privileges of the administrator.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities announce. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.