Ubuntu USN-783-1 (ecryptfs-utils) Network Vulnerability

Summary

The remote host is missing an update to ecryptfs-utils announced via advisory USN-783-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: ecryptfs-utils 73-0ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-783-1

Insight

Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk, potentially leading to a loss of privacy.

Severity

Classification

CVE CVE-2009-1296
CVSS Base Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for linux-ec2 USN-1684-1
Ubuntu Update for linux-mvl-dove USN-1328-1
Ubuntu Update for keystone USN-2034-1
Ubuntu Update for linux-ti-omap4 USN-1691-1
Ubuntu Update for dbus vulnerability USN-401-1

Take action and discover your vulnerabilities