Bug 735342 - VUL-0: CVE-2011-3145: ecryptfs-utils: incorrect mtab group ownership
VUL-0: CVE-2011-3145: ecryptfs-utils: incorrect mtab group ownership
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp1:45957
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-07 13:47 UTC by Matthias Weckbecker
Modified: 2012-06-02 08:29 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
ecryptfs-utils-CVE-2011-3145.patch (2.13 KB, patch)
2011-12-07 14:40 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2011-12-07 13:47:21 UTC
When mount.ecrpytfs_private calls set setreuid() it doesn't also set the
effective group id. So when it creates the new version, mtab.tmp, it's
created with the group id of the user running mount.ecryptfs_private.

Reference: 
https://launchpad.net/bugs/830850
Comment 1 Matthias Weckbecker 2011-12-07 13:48:00 UTC
patch available at:

https://bugzilla.redhat.com/attachment.cgi?id=519393&action=diff
Comment 3 Marcus Meissner 2011-12-07 14:39:58 UTC
the presence of the flaw makes the previous security fixes in the mtab area again influencable by the current user. A local attacker could write to /etc/mtab.tmp, as
also the current user umask would be in use (and could be set to create group writeable files by default) which could be used during the writing of /etc/mtab.tmp to edit it.
Comment 4 Marcus Meissner 2011-12-07 14:40:38 UTC
Created attachment 466317 [details]
ecryptfs-utils-CVE-2011-3145.patch

the patch from redhat bugzilla
Comment 5 Swamp Workflow Management 2011-12-12 12:55:15 UTC
The SWAMPID for this issue is 44543.
This issue was rated as moderate.
Please submit fixed packages until 2011-12-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Marcus Meissner 2011-12-13 11:05:04 UTC
openSUSE 12.1 has the fix already.
Comment 7 Marcus Meissner 2011-12-14 16:35:47 UTC
submitted sle11 sp1 and 11.3,11.4
Comment 8 Bernhard Wiedemann 2011-12-14 17:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (735342) was mentioned in
https://build.opensuse.org/request/show/96667 11.4 / ecryptfs-utils
Comment 9 Bernhard Wiedemann 2012-01-22 15:00:40 UTC
This is an autogenerated message for OBS integration:
This bug (735342) was mentioned in
https://build.opensuse.org/request/show/101056 Evergreen:11.1 / ecryptfs-utils
Comment 10 Marcus Meissner 2012-04-19 14:57:52 UTC
resubmitting
Comment 11 Marcus Meissner 2012-06-01 08:04:34 UTC
released finally
Comment 12 Swamp Workflow Management 2012-06-01 11:30:38 UTC
Update released for: ecryptfs-utils, ecryptfs-utils-32bit, ecryptfs-utils-debuginfo, ecryptfs-utils-debuginfo-32bit, ecryptfs-utils-debuginfo-x86, ecryptfs-utils-debugsource, ecryptfs-utils-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)