CVE-2011-1831 — ecryptfs-utils - multiple

Description

utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.

How to fix CVE-2011-1831

To remediate CVE-2011-1831, upgrade the affected package to a fixed version below.

Debian/ecryptfs-utils—upgrade to 92-1 or later
Debian/ecryptfs-utils—upgrade to 68-1+lenny1 or later

Is CVE-2011-1831 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 92-1
from 0, < 68-1+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1831