SUSE-SU-2021:2136-1 Security update for cryptctl

This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage bsc1186226 - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organizati...

cryptctl file overwrite vulnerability

cryptctl is an open source disk encryption utility. The program sets up LUKS-based disk encryption using a randomly-generated secret key, which is kept in a dedicated secret key server. A security vulnerability exists in versions prior to cryptctl 2.0. An attacker can exploit the vulnerability by...

CVE-2017-9270

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

Code injection

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

CVE-2017-9270

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

CVE-2017-9270 post-auth arbitrary file write on cryptctl server

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

CVE-2017-9270

CVE-2017-9270 affects cryptctl prior to version 2.0. A vulnerability in the cryptctl RPC handling allows a malicious server to send RPC requests that overwrite files outside of the cryptctl key database. Impact is arbitrary file writes outside the key DB; exploit status is not detailed in the pro...

SUSE-SU-2017:1865-1 Security update for cryptctl

This update for cryptctl fixes an issue that could have allowed a malicious administrator to craft RPC requests to overwrite files outside of key database. bsc1041963 / CVE-2017-9270...