USN-2524-1

Source
https://ubuntu.com/security/notices/USN-2524-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2524-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2524-1
Related
Published
2015-03-11T00:41:13.324533Z
Modified
2015-03-11T00:41:13.324533Z
Summary
ecryptfs-utils vulnerability
Details

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

References

Affected packages

Ubuntu:14.04:LTS / ecryptfs-utils

Package

Name
ecryptfs-utils
Purl
pkg:deb/ubuntu/ecryptfs-utils?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
104-0ubuntu1.14.04.3

Affected versions

Other

103-0ubuntu2
104-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "104-0ubuntu1.14.04.3",
            "binary_name": "ecryptfs-utils"
        },
        {
            "binary_version": "104-0ubuntu1.14.04.3",
            "binary_name": "ecryptfs-utils-dbg"
        },
        {
            "binary_version": "104-0ubuntu1.14.04.3",
            "binary_name": "libecryptfs-dev"
        },
        {
            "binary_version": "104-0ubuntu1.14.04.3",
            "binary_name": "libecryptfs0"
        },
        {
            "binary_version": "104-0ubuntu1.14.04.3",
            "binary_name": "python-ecryptfs"
        }
    ]
}