1. Ubuntu Security Notices
  2. USN-2524-1

USN-2524-1: eCryptfs vulnerability

Publication date

11 March 2015

Overview

Sensitive information in encrypted home and Private directories could be exposed if an attacker gained access to your files.

Releases

Packages

Details

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when
encrypting the mount passphrase with the login password. An attacker could use
this issue to discover the login password used to protect the mount passphrase
and gain unintended access to the encrypted files.

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when
encrypting the mount passphrase with the login password. An attacker could use
this issue to discover the login password used to protect the mount passphrase
and gain unintended access to the encrypted files.

Update instructions

After a standard system update you need to log out of all sessions and then log back in to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.10 utopic ecryptfs-utils –  104-0ubuntu1.14.10.3
libecryptfs0 –  104-0ubuntu1.14.10.3
14.04 trusty ecryptfs-utils –  104-0ubuntu1.14.04.3
libecryptfs0 –  104-0ubuntu1.14.04.3
12.04 precise ecryptfs-utils –  96-0ubuntu3.4
libecryptfs0 –  96-0ubuntu3.4
10.04 lucid ecryptfs-utils –  83-0ubuntu3.2.10.04.6
libecryptfs0 –  83-0ubuntu3.2.10.04.6

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›