Fwd: CVE-2016-4484: - Cryptsetup Initrd root Shell

15/11/2016 - 12:10 by Christian Knoke
Hi,

out of personal interest, and because it affects Debian in particular, here is a Bugtraq
report about cryptsetup:

http://hmarco.org/bugs/CVE-2016-448...shell.html

If you use Debian or Ubuntu (probably many derived distributions are also
vulnerable, but we have not tested), and you have encrypted the system
partition, then your system is vulnerable.

I have been annoyed by the cryptsetup scripts before, because they do
not work the way they should. The scripts are Debian-specific,
I assume.

Below is the beginning of the original report.

Regards
Christian




Authors: Hector Marco & Ismael Ripoll -- Cybersecurity Group
CVE: CVE-2016-4484
Comment: CWE-636: Not failing securely.
Dates: November 11th, 2016 - Disclosed at DeepSec 2016, Vienna.
November 14th, 2016 - Published on the web.

Description

A vulnerability in Cryptsetup, concretely in the scripts that unlock the
system partition when the partition is ciphered using LUKS (Linux Unified
Key Setup). The disclosure of this vulnerability was presented as part of
our talk "Abusing LUKS to Hack the System" in the DeepSec 2016 security
conference, Vienna.

This vulnerability allows obtaining a root initramfs shell on affected
systems. The vulnerability is very reliable because it doesn't depend on
specific systems or configurations. Attackers can copy, modify or destroy
the hard disc as well as set up the network to exfiltrate data. This
vulnerability is especially serious in environments like libraries, ATMs,
airport machines, labs, etc., where the whole boot process is protected
(password in BIOS and GRUB) and we only have a keyboard and/or a mouse.

Note that in cloud environments it is also possible to remotely exploit this
vulnerability without having "physical access."

Am I vulnerable?

If you use Debian or Ubuntu (probably many derived distributions are also
vulnerable, but we have not tested), and you have encrypted the system
partition, then your system is vulnerable.

[...]



Christian Knoke * * * http://cknoke.de
* * * * * * * * * Ceterum censeo Microsoft esse dividendum.
 


#1 Adrian Bunk
15/11/2016 - 19:30
On Tue, Nov 15, 2016 at 12:08:58PM +0100, Christian Knoke wrote:

> Hi,
>
> out of personal interest, and because it affects Debian in particular, here is a Bugtraq
> report about cryptsetup:
>
> http://hmarco.org/bugs/CVE-2016-448...shell.html
>
> If you use Debian or Ubuntu (probably many derived distributions are also
> vulnerable, but we have not tested), and you have encrypted the system
> partition, then your system is vulnerable.
> ...



https://security-tracker.debian.org...-2016-4484

http://lwn.net/Articles/706447/
"What you gain is a root access to the initramfs, which you usually can
access in other ways if you already have physical access to enter a
passphrase to unlock the encrypted partition."

> Regards
> Christian



cu
Adrian


"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
