Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtHector Marco1337DAY-ID-26344
HistoryNov 16, 2016 - 12:00 a.m.

Cryptsetup 2:1.7.3-2 Root Initramfs Shell Vulnerability

2016-11-1600:00:00
Hector Marco
0day.today
22

0.001 Low

EPSS

Percentile

42.9%

JSON

A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn’t depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to data. In cloud environments it is also possible to remotely exploit this vulnerability without having “physical access”. Cryptsetup versions 2:1.7.3-2 and below are affected.

Affected package
----------------
Cryptsetup <= 2:1


CVE-ID
------
CVE-2016-4484


Description
-----------
A vulnerability in Cryptsetup, concretely in the scripts that unlock the
system partition when the partition is ciphered using LUKS (Linux
Unified Key Setup).

This vulnerability allows to obtain a root initramfs shell on affected
systems. The vulnerability is very reliable because it doesn't depend on
specific systems or configurations. Attackers can copy, modify or
destroy the hard disc as well as set up the network to exflitrate data.

In cloud environments it is also possible to remotely exploit this
vulnerability without having "physical access."


Full description:
-----------------
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html


Regards,
Hector Marco & Ismael Ripoll.

#  0day.today [2018-04-14]  #

Related

redhatcve 1
debiancve 1
nessus 4
vulnerlab 2
cve 1
prion 1
osv 1
ubuntucve 1
nvd 1
threatpost 1
rosalinux 1
thn 1
seebug 1
cvelist 1
redhatcve
redhatcve
CVE-2016-4484
2016-11-15 09:17:17
debiancve
debiancve
CVE-2016-4484
2017-01-23 21:59:01
nessus
nessus
RHEL 6 : dracut (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : dracut (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : dracut (Unpatched Vulnerability)
2024-05-11 00:00:00
vulnerlab
vulnerlab
CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate
2016-11-18 00:00:00
CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate
2016-11-18 00:00:00
cve
cve
CVE-2016-4484
2017-01-23 21:59:01
prion
prion
Default credentials
2017-01-23 21:59:00
osv
osv
CVE-2016-4484
2017-01-23 21:59:01
ubuntucve
ubuntucve
CVE-2016-4484
2017-01-23 00:00:00
nvd
nvd
CVE-2016-4484
2017-01-23 21:59:01
threatpost
threatpost
Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems
2016-11-15 15:28:18
rosalinux
rosalinux
Advisory ROSA-SA-2021-1815
2021-07-02 16:35:08
thn
thn
This Hack Gives Linux Root Shell Just By Pressing 'ENTER' for 70 Seconds
2016-11-15 22:40:00
seebug
seebug
Cryptsetup Initrd LUKS root Shell privilege escalation vulnerability
2016-11-17 00:00:00
cvelist
cvelist
CVE-2016-4484
2017-01-23 21:00:00

0.001 Low

EPSS

Percentile

42.9%

JSON
Related for 1337DAY-ID-26344
redhatcve1debiancve1nessus4vulnerlab2cve1prion1osv1ubuntucve1nvd1threatpost1rosalinux1thn1seebug1cvelist1