Linux Kernel - eCryptfs vulnerability
Due to a vulnerability in the Linux kernel, an attacker with a local user account on a system running a 2.6 series Linux kernel could crash the system, denying service to legitimate users, or possibly obtain root privileges.
Security Lab say the vulnerability is in fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1; it allows local users to cause a denial of service (fault or memory corruption), and possibly have some other unspecified impact, by making a readlink call that results in an error. The error causes the call to return -1, a value that is then used as an array index. For those who compile their own kernel builds, there is a three-line patch. The issue is fixed in the recently released version 2.6.28.1 of the Linux kernel. According to an advisory on SecurityFocus, it is apparently still unclear how an exploit might be developed, and to date there are no known exploits.
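The bug class described above, as an added example that is not taken from the article or from the kernel source: a user-space C model in which a readlink-style helper returns -1 on error, with the unchecked use of that value as an index shown next to the checked form. All function names and the sample target string are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for a lower-layer readlink: copies the link target
 * into buf and returns its length, or -1 when the lookup fails. */
ssize_t lower_readlink(const char *target, char *buf, size_t len)
{
    if (target == NULL)
        return -1;                    /* constructed error case */
    size_t n = strlen(target);
    if (n > len)
        n = len;
    memcpy(buf, target, n);
    return (ssize_t)n;
}

/* Unchecked pattern: the result is used as an index without being tested,
 * so an error return of -1 writes one byte in front of buf. Shown for
 * comparison only; never called here. */
ssize_t read_target_unchecked(const char *target, char *buf, size_t size)
{
    ssize_t rc = lower_readlink(target, buf, size - 1);
    buf[rc] = '\0';                   /* rc == -1 -> buf[-1] */
    return rc;
}

/* Checked pattern: propagate the error before the value reaches an index. */
ssize_t read_target_checked(const char *target, char *buf, size_t size)
{
    if (size == 0)
        return -EINVAL;
    ssize_t rc = lower_readlink(target, buf, size - 1);
    if (rc < 0)
        return rc;                    /* error: buf is left untouched */
    buf[rc] = '\0';
    return rc;
}

int main(void)
{
    char buf[16];
    ssize_t ok = read_target_checked("target-file", buf, sizeof buf);
    printf("ok=%zd target=%s\n", ok, buf);
    ssize_t err = read_target_checked(NULL, buf, sizeof buf); /* failing call */
    printf("err=%zd\n", err);
    return 0;
}
```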
eCryptfs is now an option for some Linux distributions such as Ubuntu 8.10 "Intrepid Ibex". It adds metadata to a normal file to allow for transparent, portable encryption and decryption of the file.
See also:
- Linux Kernel 'readlink' Local Privilege Escalation Vulnerability, advisory from SecurityFocus
- Kernel log: main development phase for 2.6.29 ends, new X.org drivers, Kernel log on heise Open
- eCryptfs: a Stacked Cryptographic Filesystem, Linux Journal article
(trk)