SecurityHome.eu Security vulnerability: cryptsetup-fail.txt

Home / vulnerabilities PDF

cryptsetup-fail.txt
Posted on 13 February 2009
Source : packetstormsecurity.org Link

Hello everyone,

I noticed last week that the Debian packaged version of cryptsetup has a
little limitation, which could be a security issue for people who have to
destroy their data forever.

It is impossible to destroy a keyslot when you used it to unlock the master
key.

I reported the bug to debian (etch and lenny are affected as far as I tested):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513596
and to ubuntu (tested on hardy):
https://bugs.launchpad.net/cryptsetup/+bug/324871

It's not a major security problem, but people who were planning to run
'cryptsetup luksDelKey /dev/sda1 0' on their installation when the police
comes to wake them up should be adviced that it won't work out of the box.

Cheers,

Pierre Dinh-van

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20