Bugzilla – Bug 962052
VUL-0: CVE-2016-1572: ecryptfs-utils: Allows mounting over special filesystems, potentially allowing privilege escalation
Last modified: 2016-04-27 19:49:50 UTC
bugbot adjusting priority
was just published on oss-sec From: Tyler Hicks <tyhicks@canonical.com> Subject: [oss-security] Security issue in eCryptfs-utils (CVE-2016-1572) Date: Wed, 20 Jan 2016 09:06:03 -0600 Jann Horn discovered[1] that the setuid-root mount.ecryptfs_private helper would mount over any target directory that the user owns. This included procfs. A user could mount over the /proc/<PID> of a process that they own and maliciously craft files in that mount point with the intent to confuse privileged processes that interact with those files. Once the crafted mount point was set up, the reporter used the newuidmap program (also setuid-root) to escalate his privileges by confusing it with the files in the crafted mount point. This issue was assigned CVE-2016-1572. The upstream fix[2] prevents the attack by creating a whitelist of mount target filesystem types that mount.ecryptfs_private can safely mount over. [1] https://launchpad.net/bugs/1530566 [2] https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870 Tyler
This is an autogenerated message for OBS integration: This bug (962052) was mentioned in https://build.opensuse.org/request/show/355039 13.2 / ecryptfs-utils https://build.opensuse.org/request/show/355042 Factory / ecryptfs-utils
submitted everywhere
Releasing updates
openSUSE-SU-2016:0239-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 962052 CVE References: CVE-2016-1572 Sources used: openSUSE 13.2 (src): ecryptfs-utils-104-3.1
SUSE-SU-2016:0241-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 920160,962052 CVE References: CVE-2014-9687,CVE-2016-1572 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): ecryptfs-utils-103-7.1 SUSE Linux Enterprise Server 12 (src): ecryptfs-utils-103-7.1 SUSE Linux Enterprise Desktop 12-SP1 (src): ecryptfs-utils-103-7.1 SUSE Linux Enterprise Desktop 12 (src): ecryptfs-utils-103-7.1
Releasing updates, all done.
SUSE-SU-2016:0290-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 920160,962052 CVE References: CVE-2014-9687,CVE-2016-1572 Sources used: SUSE Linux Enterprise Server for VMWare 11-SP3 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Server 11-SP4 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Server 11-SP3 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Desktop 11-SP4 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Desktop 11-SP3 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ecryptfs-utils-61-1.35.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): ecryptfs-utils-61-1.35.1
openSUSE-SU-2016:0291-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 920160,962052 CVE References: CVE-2014-9687,CVE-2016-1572 Sources used: openSUSE Leap 42.1 (src): ecryptfs-utils-103-3.1
openSUSE-SU-2016:0302-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 962052 CVE References: CVE-2016-1572 Sources used: openSUSE 13.1 (src): ecryptfs-utils-104-3.3.1