Critical Vulnerability Information ID: Bug 841940 (CVE-2012-3409, CVE-2012-3409) Title: ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation Status: CLOSED ERRATA Product: Security Response Component: vulnerability Operating System: Linux Priority: medium Severity: medium Reporter: Vincent Danen Reported Time: 2012-07-20 15:25 UTC Closed Time: 2012-07-24 04:54:33 UTC Vulnerability Description Description: The private ecryptfs mount helper (/sbin/mount.ecryptfs_private), which is setuid-root, could allow an unprivileged local user to mount user-controlled ecryptfs shares on the local system. Because the ecryptfs helper does not mount filesystems with the "nosuid" and "nodev" flags, it would be possible for a user to mount a filesystem containing setuid-root binaries and/or device files that could lead to the escalation of their privileges. This could be done via a USB device, if the user had physical access to the system. Affected Versions: May only affect version 86 and later. Fix: Forcing MS_NOSUID and MS_NODEV mount flags was added to version 99. Fix Information Red Hat Enterprise Linux 5 and 6: Not affected. Fedora 17: ecryptfs-utils-99-1.fc17 has been pushed to the stable repository. Fedora 16: ecryptfs-utils-99-1.fc16 has been pushed to the stable repository.