===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0031
                      ecryptfs-utils security update
                              9 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ecryptfs-utils
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
                   Debian GNU/Linux 6
Impact/Access:     Increased Privileges      -- Existing Account
                   Access Privileged Data    -- Existing Account
                   Modify Arbitrary Files    -- Existing Account
                   Overwrite Arbitrary Files -- Existing Account
                   Denial of Service         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3145 CVE-2011-1837 CVE-2011-1835
                   CVE-2011-1834 CVE-2011-1832 CVE-2011-1831

Reference:         ESB-2011.0893

Original Bulletin: 
   http://www.debian.org/security/2011/dsa-2382

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2382-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
January 07, 2012                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ecryptfs-utils
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 
                 CVE-2011-1837 CVE-2011-3145 

Several problems have been discovered in ecryptfs-utils, a cryptographic
filesystem for Linux.

CVE-2011-1831

  Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
  incorrectly validated permissions on the requested mountpoint. A local
  attacker could use this flaw to mount to arbitrary locations, leading
  to privilege escalation.

CVE-2011-1832

  Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
  incorrectly validated permissions on the requested mountpoint. A local
  attacker could use this flaw to unmount arbitrary locations, leading
  to a denial of service.

CVE-2011-1834

  Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
  handled modifications to the mtab file when an error occurs. A local
  attacker could use this flaw to corrupt the mtab file, and possibly
  unmount arbitrary locations, leading to a denial of service.

CVE-2011-1835

  Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
  setting up an encrypted private directory. A local attacker could use
  this flaw to manipulate keys during creation of a new user.

CVE-2011-1837

  Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled
  lock counters. A local attacker could use this flaw to possibly overwrite
  arbitrary files.

We acknowledge the work of the Ubuntu distribution in preparing patches
suitable for near-direct inclusion in the Debian package.

For the oldstable distribution (lenny), these problems have been fixed in
version 68-1+lenny1.

For the stable distribution (squeeze), these problems have been fixed in
version 83-4+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 95-1.

We recommend that you upgrade your ecryptfs-utils packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================