Date: Tue, 22 Sep 2015 20:00:26 +0200 From: VeraCrypt Team <veracrypt@...ix.fr> To: oss-security@...ts.openwall.com Subject: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I would like to request two CVE identifiers for the two security issues described below affecting TrueCrypt 7.1a (latest version) and its fork VeraCrypt 1.14 (latest version) running on all versions of Windows. These issues were reported by James Forshaw (Google). Issue 1: Local Elevation of Privilege on Windows by abusing drive letter handling. Issue 2: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling. Issue 1 is critical. A fix has already been developed. Version 1.15 of VeraCrypt will be released soon to address those issues. For your information, I have sent a similar CVE request to mitre.org. Regards, - -- Mounir IDRASSI https://veracrypt.codeplex.com https://www.idrix.fr -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJWAZc3AAoJEOtVnHxU3dOT9FAQAJF5RtEuWnMVp8qLVKZewJuH su6zPOuErxyJRKPTcnt2drT4/merlDN7OHYmoCB8d4KShEECM8plb71Zv6tsft28 B8Oi8BUvJxzSeFj+n5rPYTRSidtPeJr3S110gCkTS4mPcOLsqVzDSMurzye0C1QP U6wxIRQEps+678B9inXANKMrHnE2MBCbjEz+YXHpX9Wn4uFxJFjXGhSG5ixCXwFh yGCA9tshoCDL2WGdG7uCKRiathWZvLk25tJxH+WnSs/wVcrjBJJEww5yUcVYN+tP 1w1wUg8RK56Ostk5MUCOcjVozKfFnhEdpKSjnfzUiOOq1bQKOhkERUM4KovMQinY mj6+bgZq2pASqZhiqZjzPOFkz1eIZevcS5onmGV9StSIpnUfeVLpj2gFM0B9dS/1 jjoQeJN6UA3ImFDNlqNcHUxGVrL6PQES+3md8o+EmnsoDluJqqSn+4j/Ik08xKnG rtHV19GdXo8mXui4uzBSPVlfCSHdXSVMhglJx/ItltWLuj+IuH5qizbCV/h4UJ/+ ryDvK3ZjfLejVTP4AufrVF8iXmizabYLfZs8/gUdXYphbV+S2Br/HOUnj6bbOZpP Oo1suGw1YiQHgP3OShb2+rvLwBUYgE9f3aLpx1/xqHrGuHhB719waQAjUvYF6SZw Wtx6mytjT3HfWvHoORjd =hbTv -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ