Red Hat Customer Portal

CVE-2011-1833

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

Details Source

Mitre

Public Date

2011-08-09 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-1833 kernel: ecryptfs: mount source TOCTOU race

Bugzilla ID

731172

CVSS Status

verified

Base Score

3.30

Base Metrics

AV:L/AC:M/Au:N/C:P/I:P/A:N

Acknowledgements

Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters.

IAVA

2012-A-0148

Red Hat Security Errata

Platform                             Errata          Release Date
Red Hat Enterprise Linux 6 (kernel)  RHSA-2011:1350  2011-10-05
Red Hat Enterprise Linux 5 (kernel)  RHSA-2011:1386  2011-10-20

CWE

CWE-367

Affected Packages State

Platform                  Package          State
Red Hat Enterprise MRG 2  realtime-kernel  Not affected