Thursday July 31st 2014


Linux Kernel eCryptfs vulnerability


Due to a vulnerability in the Linux kernel, a local attacker on a system with Linux kernel series 2.6 could crash the system to deny service to legitimate users or possibly obtain root privileges.

Security Lab says the vulnerability, located in fs/ecryptfs/inode.c in the eCryptfs subsystem of the Linux kernel before 2.6.28.1, allows local users to cause a denial of service (fault or memory corruption), and possibly have some other unspecified impact, by making a readlink call that results in an error. The error leads to the call's -1 return value being used as an array index. For those who compile their own kernel builds, there is a three-line patch. The issue is fixed in the recently released version 2.6.28.1 of the Linux kernel. According to an advisory on Security Focus, how an exploit might be developed is apparently still unclear, and to date there are no known exploits.
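The bug class described above (an error return used as an array index before it is checked), shown next to the corrected pattern. This is an added example: a simplified userspace model, not the kernel's fs/ecryptfs/inode.c code or the actual patch, and every function name and the guard-byte harness are hypothetical.

```c
#include <string.h>
#include <sys/types.h>
#define GUARD 0x5A /* constructed canary byte placed just before the buffer */

/* Hypothetical stand-in for the lower readlink: bytes copied, or -1 on error. */
static ssize_t lower_readlink(const char *target, char *buf, size_t len)
{
    if (target == NULL)
        return -1;
    size_t n = strlen(target);
    if (n > len)
        n = len;
    memcpy(buf, target, n);
    return (ssize_t)n;
}

/* Flawed pattern: the return value indexes the buffer before it is checked. */
static ssize_t readlink_unchecked(const char *target, char *buf, size_t len)
{
    ssize_t rc = lower_readlink(target, buf, len - 1);
    buf[rc] = '\0'; /* rc == -1 writes one byte before buf */
    return rc;
}

/* Corrected pattern: propagate the error, index only with rc >= 0. */
static ssize_t readlink_checked(const char *target, char *buf, size_t len)
{
    ssize_t rc = lower_readlink(target, buf, len - 1);
    if (rc < 0)
        return rc;
    buf[rc] = '\0';
    return rc;
}

/* Places buf at arena + 1 so index -1 lands on a guard byte this program
 * owns; returns 1 if the variant under test overwrote it. */
static int guard_clobbered(ssize_t (*fn)(const char *, char *, size_t),
                           const char *target)
{
    char arena[1 + 16];
    memset(arena, GUARD, sizeof arena);
    fn(target, arena + 1, sizeof arena - 1);
    return arena[0] != GUARD;
}

int main(void)
{
    return guard_clobbered(readlink_checked, NULL); /* 0: guard intact */
}
```

In this model the stray write lands on a byte the program owns; in kernel code the same off-by-minus-one write hits whatever memory precedes the buffer, which is why the reported impact is a fault or memory corruption.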

eCryptfs is now an option for some Linux distributions such as Ubuntu 8.10 “Intrepid Ibex”. It adds metadata to a normal file to allow for transparent, portable encryption and decryption of the file.
