PT-2019-13170 · Calamares+1 · Calamares+1

Tsimonq2

Publicado

2019-07-02

Atualizado

2019-12-09

CVE-2019-13178

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Calamares versions 3.1 through 3.2.10

Description The issue is related to a race condition in the creation and permission setting of the LUKS encryption keyfile. This occurs between the time the keyfile is created and when secure permissions are set, potentially exposing the keyfile to unauthorized access.

Recommendations For Calamares versions 3.1 through 3.2.10, consider applying secure permissions immediately after creating the LUKS encryption keyfile to mitigate the risk of exploitation. As a temporary workaround, restrict access to the keyfile until a patch is available.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2019-13178

OPENSUSE-SU-2019:2628-1

OPENSUSE-SU-2019:2654-1

OPENSUSE-SU-2019:2655-1

OPENSUSE-SU-2019_2628-1

OPENSUSE-SU-2024:10672-1

Produtos afetados

Calamares

Suse

PT-2019-13170 · Calamares+1 · Calamares+1

CVE-2019-13178

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30