Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Encrypted Virtual Filesystem (EVFS) Buffer Overflow May Let Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1006843
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 25 2003
|
Impact: Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 0.2
|
Description: A buffer overflow vulnerability was reported in the Encrypted Virtual File System (EVFS), a patch to VFS. A local user may be able to execute arbitrary code with root privileges.
It is reported that a local user can attempt to mount a directory using EVFS with specially crafted 'from', 'to', and 'password'
arguments to trigger a buffer overflow. On systems where the utility has been configured with set user id (setuid) root privileges,
the local user can obtain root privileges.
According to the vendor's documentation, EVFS is not installed setuid root by default.
The documentation provides instructions on how to configure the application setuid root for systems that require non-root users
to invoke the utility.
|
Impact: A local user can execute arbitrary code on the system. On systems that have EVFS configured with setuid root user privileges, a local user can gain root access.
|
Solution: The vendor has released a fixed version (0.3), available at:
http://hysteria.sk/evfs/f/evfs-0.3.tgz
http://hysteria.sk/evfs/f/
|
Vendor URL: hysteria.sk/evfs/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 24 May 2003 22:50:48 -0400
Subject: Encrypted Virtual File System 0.3
|
- Encrypted Virtual File System 0.3
by sd (http://freshmeat.net/users/sd/)
Wednesday, May 21st 2003 18:31
About: EVFS is a Linux virtual filesystem which sits on top of VFS to
access the underlying filesystem. This means users can mount any
directory containing encrypted data to any other directory (=clone), but
the second will be encrypted/decrypted transparently until it is
unmounted. It has multi-user support so that regular users can mount
their own evfs filesystems from and to directories they own. Therefore
it's possible to have a totally encrypted filesystem, each user with
their own key.
Changes: Multiuser support is now working, and fixes for strange segfaults
(which may lead to potential security issues in one case).
License: GNU General Public License (GPL)
URL: http://freshmeat.net/projects/evfs/
-----
http://hysteria.sk/evfs/f/evfs/CHANGELOG
> locally exploitable root bug in efs if setuid, thx to Paul Lasarev <paul@itk.ru>
-----
Old:
buf = salloc(strlen(from) + strlen(pwd) + 3);
sprintf(buf, "%s %s %s", from, to, pwd);
New:
buf = salloc(strlen(from) + strlen(pwd) + strlen(to) + 3);
sprintf(buf, "%s %s %s", from, to, pwd);
|
|
Go to the Top of This SecurityTracker Archive Page
|
