Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Tue, 18 Nov 2008 13:56:59 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com>
Subject: CVE Request - ecryptfs-utils

Hello Steve,

  noticed, the following issue still lacks a separate CVE identifier:

References:
http://secunia.com/Advisories/32382/
http://www.openwall.com/lists/oss-security/2008/10/23/3
http://www.openwall.com/lists/oss-security/2008/10/29/4
http://www.openwall.com/lists/oss-security/2008/10/29/7

Upstream commits:

http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=0af27a5d514dc4bbc077f07cf33a5d5b362a9193

Affected ecryptfs-utils versions:
  Jamie mentions ecryptfs-utils > 45 for ecryptfs-setup-private script,
  but the upstream commit applies also for ecryptfs_{add, wrap}_passphrase.c
  utilities present in previous versions (checked presence in ecryptfs-utils-41-1).

Could you please allocate a new CVE id for this one?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux