CVE-2016-1572

NameCVE-2016-1572
Descriptionmount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-397-1, DSA-3450-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ecryptfs-utils (PTS)bullseye111-5fixed
bookworm111-6fixed
sid111-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ecryptfs-utilssourcesqueeze83-4+squeeze2DLA-397-1
ecryptfs-utilssourcewheezy99-1+deb7u1DSA-3450-1
ecryptfs-utilssourcejessie103-5+deb8u1DSA-3450-1
ecryptfs-utilssource(unstable)106-2

Notes

https://bugs.launchpad.net/ecryptfs/+bug/1530566
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
Search for package or bug name: Reporting problems