CVE-2011-1833

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=731172
https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97	Exploit Patch
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
http://www.ubuntu.com/usn/USN-1188-1
https://bugzilla.redhat.com/show_bug.cgi?id=731172
https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:3.0:rc7::::::
	cpe:2.3:o:linux:linux_kernel:3.0.1:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.2:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.3:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.4:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.5:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.6:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.7:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.8:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.9:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.10:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.11:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.12:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.13:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.14:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.15:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.16:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.17:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.18:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.19:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.20:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.21:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.22:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.23:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.24:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.25:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.26:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.27:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.28:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.29:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.30:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.31:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.32:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.33:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.34:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.35:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.36:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.37:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.38:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.39:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.40:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.41:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.42:::::::*
	cpe:2.3:o:linux:linux_kernel:3.0.43:::::::*

History

21 Nov 2024, 01:27

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97 -~~	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97 -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html -
References	~~() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 -~~	() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 -
References	~~() http://www.ubuntu.com/usn/USN-1188-1 -~~	() http://www.ubuntu.com/usn/USN-1188-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=731172 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=731172 -
References	~~() https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97 - Exploit, Patch~~	() https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97 - Exploit, Patch

07 Nov 2023, 02:07

Type	Values Removed	Values Added
References	{'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97', 'tags': ['Patch'], 'refsource': 'CONFIRM'}	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97 -

Information

Published : 2012-10-03 11:02

Updated : 2024-11-21 01:27

NVD link : CVE-2011-1833

Mitre link : CVE-2011-1833

CVE.ORG link : CVE-2011-1833

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

3.3 /10