504 matches found
SUSE-SU-2017:3090-1 Recommended update for tboot
This update for tboot fixes the following issues: Security issue fixed: - CVE-2017-16837: Certain function pointers in Trusted Boot tboot through 1.9.6 are notvalidated and can cause arbitrary code execution, which allows local users tooverwrite dynamic PCRs of Trusted Platform Module TPM by h...
Trusted Boot Arbitrary Code Execution Vulnerability
Trusted Boot tboot is an open source pre-kernel/vmm module that supports booting OS kernels/VMMs after measurement and determination utilizing Intel TXT technology. An arbitrary code execution vulnerability exists in Boot 1.9.6 and earlier versions, which stems from a program's failure to validat...
BSA-2017-474
Security Advisory ID : BSA-2017-474 Component : Infineon RSA Library Revision : 2.0: Final The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module TPM firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
Code injection
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
UBUNTU-CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4048959)
This host is missing an important security update according to Microsoft KB4048959 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Windows Multiple Vulnerabilities (KB4048952)
This host is missing a critical security update according to Microsoft KB4048952 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
November 14, 2017—KB4048956 (OS Build 10240.17673)
November 14, 2017—KB4048956 OS Build 10240.17673 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where roaming user profile–enabled accounts intermittently synchronize the...
Juniper SRX300 Series Trusted Platform Module Firmware Information Disclosure Vulnerability
The Juniper SRX300 Series is a firewall product from Juniper Networks, Inc.The Trusted Platform Module TPM is one of the test platform modules. A security vulnerability exists in the TPM firmware version 4.40 in the Juniper SRX300 Series in the process of generating encryption keys. An attacker...
CVE-2017-10606
Version 4.40 of the TPM Trusted Platform Module firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...
Bitlocker Device Policy
Windows 10 Enterprise includes a disk encryption feature called BitLocker, which provides extra file and system protections against unauthorized access of a lost or stolen device. For more protection, you can use BitLocker with Trusted Platform Module TPM chips, version 1.2 or later. A TPM chip...
tpm2-tools Authentication Authorization Vulnerability
tpm2-tools is a toolkit for monitoring trusted platform modules in Linux. A security vulnerability exists in versions of tpm2-tools prior to 1.1.1, which stems from the program passing passwords from the client to the server in plaintext. An attacker could exploit the vulnerability to obtain...
Extending Linux Executable Logging With The Integrity Measurement Architecture
Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...
DoD DIACAP transition to RMF approved
Welcome DIARMF! This has been a long time coming. From DITSCAP to DIACAP and now to DIARMF the Department of Defense approved the transition to a Risk Management Framework RMF approach developed by NIST on March 12. What does this mean for Information Systems and Platform Information Technology...
Gap Widens Between Attackers, BIOS Forensics, Research
Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look...
TPM Chip in Windows 8 Lays Foundation for Widespread Enhancements to Hardware-Based Security
Today’s release of the Microsoft Windows 8 operating system brings embedded hardware-level security to the forefront. Microsoft, going forward, will require the Trusted Platform Module TPM chip on Windows PCs, phones and tablets, moving security checks to the platoform’s lowest level. TPM isn’t...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. CVE-2011-2695, Important - IPv6 fragment identification value...