CVE-2008-3899

CVE-2008-3899 concerns TrueCrypt 5.0, where pre-boot authentication passwords are stored in the BIOS keyboard buffer and not cleared before/after use. This allows local users to read memory locations associated with that buffer and potentially obtain sensitive information. The vulnerability is ro...

[IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- iViZ Security Advisory 08-003 25/08/2008 - ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com -...

TrueCrypt <= 4.3 Local Privilege Escalation Exploit (CVE-2007-1738)

No description provided by source. $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi [email protected] TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of servic...

TrueCrypt 4.3 - setuid Local Privilege Escalation

TrueCrypt 4.3 - setuid Local Privilege Escalation $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service...

TrueCrypt <= 4.3 Local Privilege Escalation Exploit (CVE-2007-1738)

Exploit for unknown platform in category local exploits =================================================================== TrueCrypt TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting a crafted...

TrueCrypt 4.3 - &#039;setuid&#039; Local Privilege Escalation

$Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting...

TrueCrypt Dismount Set-EUID本地拒绝服务漏洞

TrueCrypt是一款免费开源虚拟加密盘加密软件。 TrueCrypt存在设计错误，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 本地攻击者可以卸挂其他用户挂接的驱动盘，导致拒绝服务攻击。目前没有详细漏洞细节提供。 TrueCrypt TrueCrypt 4.2 TrueCrypt TrueCrypt 4.1 TrueCrypt TrueCrypt 4.0 TrueCrypt TrueCrypt 3.0 升级到最新程序： http://www.truecrypt.org/docs/?s=version-history...

Design/Logic Flaw

TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using 1 /usr/bin or 2 another user's home directory, a different issue than CVE-2007-1589...

CVE-2007-1738

TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using 1 /usr/bin or 2 another user's home directory, a different issue than CVE-2007-1589...

CVE-2007-1738

TrueCrypt 4.3, when installed setuid root, enables local privilege escalation and potential denial of service by mounting a crafted TrueCrypt volume. Affected component is the volume mounting mechanism; exploitation demonstrated using (1) /usr/bin or (2) another user’s home directory. The provide...

CVE-2007-1738

TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service filesystem unavailability or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using 1 /usr/bin or 2 another user's home directory, a different issue than CVE-2007-1589...

Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux &#40;re. bid 23180&#41;

TrueCrypt 4.3 for Linux from http://www.truecrypt.org/ It seems to be possible to perform various denial of service attacks on a Linux computer running TrueCrypt in set-uid root mode, or possible introduce evil binaries into normally trusted locations. I tested this on the latest version, 4.3,...

Truecrypt privilege escalation

In suid mode it's possible for user to mount crypted filesystem to any directory...

CVE-2007-1589

TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service filesystem unavailability by dismounting a volume mounted by a different user...

Code injection

TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service filesystem unavailability by dismounting a volume mounted by a different user...

CVE-2007-1589

Technical details for CVE-2007-1589 are not publicly available in the provided documents. No concrete product/version/root-cause/impact data is supplied beyond the initial description; monitor for updates from official advisories before assessment.

CVE-2007-1589

TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service filesystem unavailability by dismounting a volume mounted by a different user...

Design/Logic Flaw

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command...

CVE-2006-2183

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command...

CVE-2006-2183

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command...