← Back to CVEs

CVE-2019-13179

N/A

Description

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.

CVE Details

CVSS v3.1 ScoreN/A

Published7/2/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

calamares:calamares

Weaknesses (CWE)

CWE-522

References

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095(cve@mitre.org)

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096(cve@mitre.org)

https://bugzilla.redhat.com/show_bug.cgi?id=1726542(cve@mitre.org)

https://calamares.io/calamares-3.2.11-is-out/(cve@mitre.org)

https://calamares.io/calamares-cve-2019/(cve@mitre.org)

https://github.com/calamares/calamares/issues/1191(cve@mitre.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/(cve@mitre.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/(cve@mitre.org)

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095(af854a3a-2127-422b-91ae-364da2661108)

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=1726542(af854a3a-2127-422b-91ae-364da2661108)

https://calamares.io/calamares-3.2.11-is-out/(af854a3a-2127-422b-91ae-364da2661108)

https://calamares.io/calamares-cve-2019/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/calamares/calamares/issues/1191(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.