Date: Thu, 17 Apr 2014 14:59:44 -0400 (EDT)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: TrueCrypt audit report

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This report points out a number of issues that are certainly
worthwhile to fix (or, in some cases, "improve" rather than "fix")
within a product of this type. Not all of these issues would be
considered vulnerabilities in the classic sense. As far as we can tell,
the scope of the threat model or models was not explicitly defined
within the report document, and the report instead is described as
covering "issues that could lead to information disclosure, elevation
of privilege, or similar concerns." It's unclear why findings such as
the ability of an administrator to cause a BSOD are considered
"similar." Also, the report identifies some issues that are apparently
outside the intended security properties as described at:

  http://www.truecrypt.org/docs/security-model
  http://www.truecrypt.org/docs/physical-security
  http://www.truecrypt.org/docs/non-admin-users
  
In other cases, the report identifies behavior that is wrong, but does
not clarify whether there is a security impact or only a usability
impact. In addition, we are unaware of whether a vendor response
exists or is anticipated.

These are the three issues that, based on the information directly
contained in the report, would fall within the scope of CVE regardless
of the vendor response:

> TC_IOCTL_OPEN_TEST and TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG: an attacker
> can
> 
>   -- Deduce the presence of files they do not have access to
>   -- Deduce if said files are smaller than TC_MAX_VOLUME_SECTOR_SIZE
>   -- Deduce if said files start with the string "TrueCrypt" or one of four magic markers

Use CVE-2014-2884.


> integer overflow in the MainThreadProc function in
> EncryptedIoQueue.c ... could result in information disclosure.
> 
> integer overflow in the ProcessVolumeDeviceControlIrp function in
> Ntdriver.c ... can result in Denial of Service (starve the kernel of
> memory)

Use CVE-2014-2885.


(i.e., three distinct issues but two CVE IDs)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTUCRUAAoJEKllVAevmvmssIgIALDlarnSEWz7t+TCc/sqj6bB
v13XUmfCEP2s++SI7WjsJQEq+NDMXFNbNrydSiCtiIA3qnx+iJImwsYXM2MwWFX6
1B7/JOcJW8ncU8/X3ikJ5vETtSViQO6FLjh+yjYMgCK/okQ4AXDero2K/VAfqD3M
/Ns1ZDW3Jt60wzM3tjIxJcckMVLjd7VibYT/otH5tupRM8ytFzgvKtYQ3E/6X/IR
el0bEaSFysOY7s5QzZfQ68Vbwr+4Vx2WpcrclsAviyGiQs+klotRYRQRdYQfLOSW
9WO6T1DLtVG/8VaaHcLzV5EWXfCH88LotLximAtKONTwHjX94OUe4b/S4p9npaE=
=INWV
-----END PGP SIGNATURE-----
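The integer-overflow class behind CVE-2014-2885 (the MainThreadProc and ProcessVolumeDeviceControlIrp findings), as an added example that is not TrueCrypt's code and not taken from the audit report. The request layout, the 64 MiB cap and the sample values are constructed assumptions; the point is the wrapped product passing a bounds check that a kernel handler would then use for an allocation or loop bound.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed cap on a single transfer; not a TrueCrypt constant. */
#define MAX_TRANSFER_BYTES (64u * 1024u * 1024u)

/* Vulnerable pattern (hypothetical, not TrueCrypt's code): the 32-bit
 * product of two caller-controlled fields wraps, so an absurd request
 * looks small, passes the cap check, and the wrapped value is then used
 * to size an allocation or bound a loop in the handler. */
uint32_t vulnerable_transfer_size(uint32_t sector_count, uint32_t sector_size)
{
    uint32_t bytes = sector_count * sector_size;   /* may wrap modulo 2^32 */
    if (bytes > MAX_TRANSFER_BYTES)
        return 0;                                  /* rejected */
    return bytes;                                  /* accepted (possibly wrapped) */
}

/* Hardened pattern: reject zero operands, prove the multiplication cannot
 * overflow before performing it, then apply the cap. Returns true and
 * writes *out only for a request that is safe to act on. */
bool checked_transfer_size(uint32_t sector_count, uint32_t sector_size,
                           uint32_t *out)
{
    if (sector_count == 0 || sector_size == 0)
        return false;
    if (sector_count > UINT32_MAX / sector_size)   /* product would wrap */
        return false;
    uint32_t bytes = sector_count * sector_size;   /* now provably exact */
    if (bytes > MAX_TRANSFER_BYTES)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    /* Constructed hostile request: 0x01000001 * 512 = 0x200000200,
     * which wraps to 0x200 (512 bytes) in 32-bit arithmetic. */
    uint32_t hostile_count = 0x01000001u, sector = 512u, out = 0;

    printf("vulnerable accepts %u bytes (wrapped)\n",
           vulnerable_transfer_size(hostile_count, sector));
    printf("checked rejects: %s\n",
           checked_transfer_size(hostile_count, sector, &out) ? "no" : "yes");

    /* Constructed sane request: 2048 * 512 = 1 MiB, accepted by both. */
    if (checked_transfer_size(2048u, sector, &out))
        printf("checked accepts %u bytes\n", out);
    return 0;
}
```

The division-based check is the portable form; with GCC or Clang, `__builtin_mul_overflow` expresses the same test in one call. The same guard applies to any request field that feeds an allocation size, a sector offset or a loop count in an IOCTL path.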
