Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Sep 2015 20:00:26 +0200
From: VeraCrypt Team <veracrypt@...ix.fr>
To: oss-security@...ts.openwall.com
Subject: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of
 Privilege


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
 
Hi,

I would like to request two CVE identifiers for the two security issues
described below affecting TrueCrypt 7.1a (latest version) and its fork
VeraCrypt 1.14 (latest version) running on all versions of Windows.

These issues were reported by James Forshaw (Google).

Issue 1: Local Elevation of Privilege on Windows by abusing
              drive letter handling.

Issue 2: Local Elevation of Privilege on Windows caused by incorrect
              Impersonation Token Handling.

Issue 1 is critical.

A fix has already been developed. Version 1.15 of VeraCrypt will be
released soon to address those issues.

For your information, I have sent a similar CVE request to mitre.org.

Regards,
- -- 
Mounir IDRASSI
https://veracrypt.codeplex.com
https://www.idrix.fr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQIcBAEBCgAGBQJWAZc3AAoJEOtVnHxU3dOT9FAQAJF5RtEuWnMVp8qLVKZewJuH
su6zPOuErxyJRKPTcnt2drT4/merlDN7OHYmoCB8d4KShEECM8plb71Zv6tsft28
B8Oi8BUvJxzSeFj+n5rPYTRSidtPeJr3S110gCkTS4mPcOLsqVzDSMurzye0C1QP
U6wxIRQEps+678B9inXANKMrHnE2MBCbjEz+YXHpX9Wn4uFxJFjXGhSG5ixCXwFh
yGCA9tshoCDL2WGdG7uCKRiathWZvLk25tJxH+WnSs/wVcrjBJJEww5yUcVYN+tP
1w1wUg8RK56Ostk5MUCOcjVozKfFnhEdpKSjnfzUiOOq1bQKOhkERUM4KovMQinY
mj6+bgZq2pASqZhiqZjzPOFkz1eIZevcS5onmGV9StSIpnUfeVLpj2gFM0B9dS/1
jjoQeJN6UA3ImFDNlqNcHUxGVrL6PQES+3md8o+EmnsoDluJqqSn+4j/Ik08xKnG
rtHV19GdXo8mXui4uzBSPVlfCSHdXSVMhglJx/ItltWLuj+IuH5qizbCV/h4UJ/+
ryDvK3ZjfLejVTP4AufrVF8iXmizabYLfZs8/gUdXYphbV+S2Br/HOUnj6bbOZpP
Oo1suGw1YiQHgP3OShb2+rvLwBUYgE9f3aLpx1/xqHrGuHhB719waQAjUvYF6SZw
Wtx6mytjT3HfWvHoORjd
=hbTv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ