Ecryptfs : Security Vulnerabilities, CVEs, CVSS score >= 5

CVE-2016-1572

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Max CVSS
8.4
EPSS Score
0.14%
Published
2016-01-22
Updated
2022-03-23

CVE-2014-9687

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
Max CVSS
5.0
EPSS Score
0.32%
Published
2015-03-16
Updated
2016-12-06

CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-12-20
Updated
2020-01-03

CVE-2008-5188

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-11-21
Updated
2017-09-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close