CVE-2009-1296

NameCVE-2009-1296
DescriptionThe eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs532372

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ecryptfs-utils (PTS)jessie, jessie (lts)103-5+deb8u1fixed
stretch111-4fixed
bullseye111-5fixed
bookworm111-6fixed
sid111-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ecryptfs-utilssource(unstable)75-2unimportant532372

Notes

this is a non-issue as the debian installer doesn't support per user
encrypted home directories with ecryptfs, so no passphrase is stored in the
installer logs on disk

Search for package or bug name: Reporting problems