Computer Security
[EN] securityvulns.ru no-pyccku


Truecrypt privilege escalation
Published:28.03.2007
Source:
SecurityVulns ID:7486
Type:local
Threat Level:
5/10
Description:In suid mode it's possible for user to mount crypted filesystem to any directory.
Affected:TRUECRYPT : TrueCrypt 4.3
CVE:CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.)
 CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.)
Original documentdocumentTim Rees, Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) (28.03.2007)
Files:raptor_truecrypt - setuid truecrypt privilege escalation

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod