Re: Fwd: CVE-2016-4484: - Cryptsetup Initrd root Shell
On Tue, Nov 15, 2016 at 12:08:58PM +0100, Christian Knoke wrote:
>
> Moin,
>
> aus persönlichem Interesse, und weils Debian im besonderen betrifft, eine Bugtraq
> Meldung über cryptsetup:
>
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
>
> -->-->--
> If you use Debian or Ubuntu/ (probably many derived distributions are also
> vulnerable, but we have not tested), and you have encrypted the system
> partition, then your systems is vulnerable.
> --<--<--
>...
https://security-tracker.debian.org/tracker/CVE-2016-4484
http://lwn.net/Articles/706447/
"What you gain is a root access to the initramfs, which you usually can
access in other ways if you already have physical access to enter a
passphrase to unlock the encrypted partition."
> Gruß
> Christian
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: