
Fwd: CVE-2016-4484: - Cryptsetup Initrd root Shell



Hi,

out of personal interest, and because it affects Debian in particular, here is a
Bugtraq report about cryptsetup:

http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html

-->-->--
If you use Debian or Ubuntu (probably many derived distributions are also
vulnerable, but we have not tested), and you have encrypted the system
partition, then your system is vulnerable.
--<--<--

I had already been annoyed by the cryptsetup scripts before, because they
do not work the way they should. The scripts are Debian-specific,
I assume.

Below is the beginning of the original report.

Regards
Christian


-->-->--


Authors:  Hector Marco & Ismael Ripoll  --  Cybersecurity Group
CVE:      CVE-2016-4484
Comment:  CWE-636: Not failing securely.
Dates:    November 11th, 2016 - Disclosed at DeepSec 2016, Vienna.
          November 14th, 2016 - Published on the web.

Description

A vulnerability in Cryptsetup, concretely in the scripts that unlock the
system partition when the partition is ciphered using LUKS (Linux Unified
Key Setup). The disclosure of this vulnerability was presented as part of
our talk "Abusing LUKS to Hack the System" in the DeepSec 2016 security
conference, Vienna.

This vulnerability allows obtaining a root initramfs shell on affected
systems. The vulnerability is very reliable because it doesn't depend on
specific systems or configurations. Attackers can copy, modify or destroy
the hard disc as well as set up the network to exfiltrate data. This
vulnerability is especially serious in environments like libraries, ATMs,
airport machines, labs, etc., where the whole boot process is protected
(password in BIOS and GRUB) and we only have a keyboard and/or a mouse.

Note that in cloud environments it is also possible to remotely exploit this
vulnerability without having "physical access."

Am I vulnerable ?

If you use Debian or Ubuntu (probably many derived distributions are also
vulnerable, but we have not tested), and you have encrypted the system
partition, then your system is vulnerable.

[...]



-- 
Christian Knoke            * * *            http://cknoke.de
* * * * * * * * *  Ceterum censeo Microsoft esse dividendum.
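
The following shell script is an added example, not part of the forwarded message or the advisory: it tests the two conditions named under "Am I vulnerable ?" (Debian/Ubuntu family, system partition on LUKS). The function names and verdict strings are hypothetical, and the script assumes util-linux's `findmnt` and `lsblk` are present; it does not check whether a fixed cryptsetup package is installed.

```shell
#!/bin/sh
# Added example: exposure check for the advisory's two stated conditions.

# is_debian_family FILE: succeed if os-release FILE has an ID or ID_LIKE
# value of debian or ubuntu (ID_LIKE may hold several space-separated ids).
is_debian_family() {
    ids=$(grep -E '^(ID|ID_LIKE)=' "$1" | cut -d= -f2- | tr -d "\"'")
    for id in $ids; do
        case "$id" in
            debian|ubuntu) return 0 ;;
        esac
    done
    return 1
}

# stack_has_luks: read FSTYPE values on stdin, one per layer, as printed by
# "lsblk -s -n -o FSTYPE DEV"; succeed if any layer under DEV is LUKS.
stack_has_luks() {
    grep -qw 'crypto_LUKS'
}

# exposure OSRELEASE_FILE FSTYPE_FILE: print a verdict for the given inputs.
exposure() {
    if ! is_debian_family "$1"; then
        echo "not-debian-family"
    elif stack_has_luks < "$2"; then
        echo "matches-advisory-criteria"
    else
        echo "root-not-on-luks"
    fi
}

# live_check: collect both inputs from the running system.
live_check() {
    tmp=$(mktemp) || return 1
    root_dev=$(findmnt -n -o SOURCE /)
    root_dev=${root_dev%%\[*}   # drop a btrfs "[/subvol]" suffix if present
    lsblk -s -n -o FSTYPE "$root_dev" > "$tmp"
    exposure /etc/os-release "$tmp"
    rm -f "$tmp"
}

# Query the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```
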

