Debian Security Advisory

DLA-397-1 ecryptfs-utils -- LTS security update

Date Reported:
20 Jan 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-1572.
More information:

Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.