CVE-2016-1572

Name: CVE-2016-1572
Description: mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-397-1, DSA-3450-1
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ecryptfs-utils (PTS) | jessie (security), jessie | 103-5+deb8u1 | fixed |
| ecryptfs-utils (PTS) | stretch, sid | 111-4 | fixed |

The information below is based on the following data on fixed versions.

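| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ecryptfs-utils | source | (unstable) | 106-2 | | | |
| ecryptfs-utils | source | jessie | 103-5+deb8u1 | | DSA-3450-1 | |
| ecryptfs-utils | source | squeeze | 83-4+squeeze2 | | DLA-397-1 | |
| ecryptfs-utils | source | wheezy | 99-1+deb7u1 | | DSA-3450-1 | |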

Notes

https://bugs.launchpad.net/ecryptfs/+bug/1530566
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
