TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2019-13179

N/A

Beschreibung

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.

CVE Details

CVSS v3.1 BewertungN/A
Veroffentlicht7/2/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

calamares:calamares

Schwachen (CWE)

CWE-522

Referenzen

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095(cve@mitre.org)
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=1726542(cve@mitre.org)
https://calamares.io/calamares-3.2.11-is-out/(cve@mitre.org)
https://calamares.io/calamares-cve-2019/(cve@mitre.org)
https://github.com/calamares/calamares/issues/1191(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/(cve@mitre.org)
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1726542(af854a3a-2127-422b-91ae-364da2661108)
https://calamares.io/calamares-3.2.11-is-out/(af854a3a-2127-422b-91ae-364da2661108)
https://calamares.io/calamares-cve-2019/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/calamares/calamares/issues/1191(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.