Bug 1300594 (CVE-2016-1572) - CVE-2016-1572 ecryptfs-utils: privilege escalation by mounting over /proc/$pid
Summary: CVE-2016-1572 ecryptfs-utils: privilege escalation by mounting over /proc/$pid
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-1572
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1300595
Blocks: 1300590
 
Reported: 2016-01-21 09:15 UTC by Andrej Nemec
Modified: 2019-10-10 10:57 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-23 16:54:14 UTC
Embargoed:



Description Andrej Nemec 2016-01-21 09:15:50 UTC
An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat(), it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation attacks with the help of other programs that use procfs.

Upstream bug report with reproducer:

https://bugs.launchpad.net/ecryptfs/+bug/1530566

Proposed upstream patch:

https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870

Comment 1 Andrej Nemec 2016-01-21 09:16:14 UTC
Created ecryptfs-utils tracking bugs for this issue:

Affects: fedora-all [bug 1300595]

