Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 30 Jul 2014 14:05:53 -0400 (EDT)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: tboot failing to measure commandline parameters

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The trusted boot loader module "tboot" did not measure all commandline parameters,
> which made it possible to pretend a measured boot while there was workaround
> possibility (breaking the measured boot chain).
> 
> All previous tboot versions < 1.8.2 are affected.
> 
> Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
> http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/
> http://sourceforge.net/p/tboot/mailman/message/32655538/
> http://sourceforge.net/p/tboot/mailman/message/32659733/

Use CVE-2014-5118.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT2TMTAAoJEKllVAevmvmsqIUIAJSv0E/CR8Qi9UOJ/DlI/uzk
9Ylv1vjg7upZDDXZxQKVEugNSgUfOFMIzYOrI896E9tPJlDQEYq9ZSA/Q8NAFco4
smjcW0+ggZRxZRssw0LHLUakmPL+Wr3R9yKppe87J+ceL6e4Levsa4xIg1EQ7y+2
chV61RYY4Fy9Mf2dRJzMYukInOmaQf+JGuRjwkLObG1iRTbzECNRheMk6Y36cRNb
N6tzbYoCZPf5aeWUOpZBHy+YhukHVIWxbBZyqfbESsrXg7NPMshJ6y7cz9d4Dlnf
d0yAhc+9lYsejr/QNNzC06yo5hPck9T1dnISo5mwXlA+580guRy3aDf57K5GO4k=
=xlz4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ