CVE-2016-1572
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
22/01/2016
Last modified:
12/04/2025
Description
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Impact
Base Score 3.x
8.40
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ecryptfs:ecryptfs-utils:*:*:*:*:*:*:*:* | 109 (excluding) | |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00004.html
- http://www.debian.org/security/2016/dsa-3450
- http://www.openwall.com/lists/oss-security/2016/01/20/6
- http://www.securitytracker.com/id/1034791
- http://www.ubuntu.com/usn/USN-2876-1
- https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
- https://bugs.launchpad.net/ecryptfs/+bug/1530566
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00004.html
- http://www.debian.org/security/2016/dsa-3450
- http://www.openwall.com/lists/oss-security/2016/01/20/6
- http://www.securitytracker.com/id/1034791
- http://www.ubuntu.com/usn/USN-2876-1
- https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
- https://bugs.launchpad.net/ecryptfs/+bug/1530566