Bug 735342 – VUL-0: CVE-2011-3145: ecryptfs-utils: incorrect mtab group ownership

Bug 735342 - VUL-0: CVE-2011-3145: ecryptfs-utils: incorrect mtab group ownership


Summary:	VUL-0: CVE-2011-3145: ecryptfs-utils: incorrect mtab group ownership

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp1:45957
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2011-12-07 13:47 UTC by Matthias Weckbecker
Modified:	2012-06-02 08:29 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
ecryptfs-utils-CVE-2011-3145.patch (2.13 KB, patch) 2011-12-07 14:40 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2011-12-07 13:47:21 UTC

When mount.ecrpytfs_private calls set setreuid() it doesn't also set the
effective group id. So when it creates the new version, mtab.tmp, it's
created with the group id of the user running mount.ecryptfs_private.

Reference: 
https://launchpad.net/bugs/830850

Comment 1 Matthias Weckbecker 2011-12-07 13:48:00 UTC

patch available at:

https://bugzilla.redhat.com/attachment.cgi?id=519393&action=diff

Comment 3 Marcus Meissner 2011-12-07 14:39:58 UTC

the presence of the flaw makes the previous security fixes in the mtab area again influencable by the current user. A local attacker could write to /etc/mtab.tmp, as
also the current user umask would be in use (and could be set to create group writeable files by default) which could be used during the writing of /etc/mtab.tmp to edit it.

Comment 4 Marcus Meissner 2011-12-07 14:40:38 UTC

Created attachment 466317 [details]
ecryptfs-utils-CVE-2011-3145.patch

the patch from redhat bugzilla

Comment 5 Swamp Workflow Management 2011-12-12 12:55:15 UTC

The SWAMPID for this issue is 44543.
This issue was rated as moderate.
Please submit fixed packages until 2011-12-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 6 Marcus Meissner 2011-12-13 11:05:04 UTC

openSUSE 12.1 has the fix already.

Comment 7 Marcus Meissner 2011-12-14 16:35:47 UTC

submitted sle11 sp1 and 11.3,11.4

Comment 8 Bernhard Wiedemann 2011-12-14 17:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (735342) was mentioned in
https://build.opensuse.org/request/show/96667 11.4 / ecryptfs-utils

Comment 9 Bernhard Wiedemann 2012-01-22 15:00:40 UTC

This is an autogenerated message for OBS integration:
This bug (735342) was mentioned in
https://build.opensuse.org/request/show/101056 Evergreen:11.1 / ecryptfs-utils

Comment 10 Marcus Meissner 2012-04-19 14:57:52 UTC

resubmitting

Comment 11 Marcus Meissner 2012-06-01 08:04:34 UTC

released finally

Comment 12 Swamp Workflow Management 2012-06-01 11:30:38 UTC

Update released for: ecryptfs-utils, ecryptfs-utils-32bit, ecryptfs-utils-debuginfo, ecryptfs-utils-debuginfo-32bit, ecryptfs-utils-debuginfo-x86, ecryptfs-utils-debugsource, ecryptfs-utils-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)