Oracle Linux 5 : ecryptfs-utils (ELSA-2009-1307)

medium Nessus Plugin ID 180624

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1307 advisory.

[75-4]
- fix EOF handling (#499367)
- add icon to gui desktop file

[75-3]
- ask for password confirmation when creating openssl key (#500850)
- removed executable permission from ecryptfs-dot-private (#500817)
- ecryptfs-rewrite-file: improve of progress output (#500813)
- don't error out when unwrapping and adding a key that already exists (#500810)
- fix typo in ecryptfs-rewrite-file(1) (#500804)
- add error message about full keyring (#501460)
- gui sub-package must requires pygtk2-libglade (#500997)
- require cryptsetup-luks for encrypted swap (#500824)
- use blkid instead of vol_id (#500820)
- don't rely on cryptdisks service (#500829)

[75-2]
- don't hang when used with wrong/missing stdin (#499367)
- don't print error when key already removed (#499167)
- refuse mounting with too small rsa key (#499175)
- don't error out when adding key that already exists (#500361)
- allow only working key sizes (#500352)
- return nonzero when fnek is not supported (#500566)
- add icon for Access-Your-Private-Data.desktop file (#500623)
- fix information about openssl_passwd in openssl_passwd_file (#499128)
- don't list mount.ecryptfs_private twice

[75-1]
- update to 75 and drop some patches

[74-24]
- add suid mount.ecryptfs_private, restrict it to ecryptfs group

[74-23]
- skip releases -2 - -22 to be sure it's always newer nvr

[74-22]
- drop setuid for mount.ecryptfs_private
- resolves: #482834

[74-1]
- update to 74
- fix difference between apps. real names and names in usage messages (#475969)
- describe verbose and verbosity=X in man page (#470444)
- adding passphrase to keyring is fixed (#469662)
- mount won't fail with wrong/empty input to yes/no questions (#466210)
- try to load modules instead of failing when it's missing (#460496)
- fix wrong return codes (#479429)
- resolves: #482834

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ecryptfs-utils, ecryptfs-utils-devel and / or ecryptfs-utils-gui packages.

See Also

https://linux.oracle.com/errata/ELSA-2009-1307.html

Plugin Details

Severity: Medium

ID: 180624

File Name: oraclelinux_ELSA-2009-1307.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-5188

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:ecryptfs-utils, p-cpe:/a:oracle:linux:ecryptfs-utils-gui, p-cpe:/a:oracle:linux:ecryptfs-utils-devel, cpe:/o:oracle:linux:5

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2009

Vulnerability Publication Date: 10/23/2008

Reference Information

CVE: CVE-2008-5188