USN-2524-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-2524-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2524-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-2524-1

Related

Published

2015-03-11T00:41:13.324533Z

Modified

2015-03-11T00:41:13.324533Z

Summary

ecryptfs-utils vulnerability

Details

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

References

Affected packages

Ubuntu:14.04:LTS / ecryptfs-utils

Package

Name: ecryptfs-utils
Purl: pkg:deb/ubuntu/ecryptfs-utils@104-0ubuntu1.14.04.3?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

104-0ubuntu1.14.04.3

Affected versions

Other

103-0ubuntu2

104-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "ecryptfs-utils": "104-0ubuntu1.14.04.3",
            "libecryptfs-dev": "104-0ubuntu1.14.04.3",
            "python-ecryptfs": "104-0ubuntu1.14.04.3",
            "libecryptfs0": "104-0ubuntu1.14.04.3",
            "ecryptfs-utils-dbg": "104-0ubuntu1.14.04.3"
        }
    ]
}