CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...
Adventures in Contacting the Russian FSB
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB's website said in order to communicate with them securely, I needed to...
CryptoPro CSP Denial of Service Vulnerability
CryptoPro CSP is a cryptographic software package from the Russian company CryptoPro. The package is a Windows/Linux-based cryptographic service that can be used to create cryptographic messages (encryptions, digital signatures), build and validate certificate chains, generate keys and process...
CVE-2020-9331
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation by local users with the SeChangeNotifyPrivilege right because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space...
CVE-2020-9361
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation...
Privilege escalation
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation by local users with the SeChangeNotifyPrivilege right because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space...
Code injection
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation...
CVE-2020-9331
CVE-2020-9331 affects CryptoPro CSP up to version 5.0.0.10004 on 32-bit platforms. The root cause is mishandling of user-mode input during process creation, enabling a local attacker with SeChangeNotifyPrivilege to write arbitrary data to the kernel address space, resulting in Local Privilege Esc...
CVE-2020-9361
CryptoPro CSP (Windows/Linux) v5.0.0.10004 and earlier on 64-bit platforms is affected by a denial-of-service vulnerability. The issue originates from how user-mode input is processed during process creation, allowing a local user with SeChangeNotifyPrivilege to trigger a crash or service disrupt...
SUSE SLED15 / SLES15 Security Update : libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1 (SUSE-SU-2018:3683-1)
This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues: LibreOffice was updated to 6.1.3.2 fate326624 and contains new features and lots of bugfixes: The full changelog can be found on:...
CryptWare CryptoPro Secure Disk for Bitlocker Local Security Bypass Vulnerability
CryptWare CryptoPro Secure Disk for Bitlocker is a secure disk product from CryptWare IT Security, Germany, that centrally manages the Microsoft BitLocker disk encryption utility through its own Pre-Boot Authentication (PBA) feature. A local security bypass vulnerability exists in CryptWare CryptoPro...
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
SEC Consult Vulnerability Lab Security Advisory. title: Manipulation of pre-boot authentication; product: CryptWare CryptoPro Secure Disk for Bitlocker; vulnerable version: 5.1.0.6474; fixed version: 5.2.1; CVE number: -; impact:...