
Re: Fwd: CVE-2016-4484: - Cryptsetup Initrd root Shell



On Tue, Nov 15, 2016 at 12:08:58PM +0100, Christian Knoke wrote:
> 
> Hi,
> 
> out of personal interest, and because it affects Debian in particular, a Bugtraq
> report about cryptsetup:
> 
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
> 
> -->-->--
> If you use Debian or Ubuntu/ (probably many derived distributions are also
> vulnerable, but we have not tested), and you have encrypted the system   
> partition, then your systems is vulnerable.
> --<--<--
>...

https://security-tracker.debian.org/tracker/CVE-2016-4484

http://lwn.net/Articles/706447/
"What you gain is a root access to the initramfs, which you usually can 
 access in other ways if you already have physical access to enter a 
 passphrase to unlock the encrypted partition."

> Regards
> Christian

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

