[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Jonas Meurer jonas at freesources.org
Wed Dec 7 12:37:04 CET 2016


Hi there,

On 15.11.2016 at 13:34, Milan Broz wrote:
> just a little bit of clarification about CVE-2016-4484
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
> 
> This bug is *NOT* a cryptsetup/LUKS upstream bug, it is a minor problem in the scripts
> unlocking an encrypted system.
> 
> It allows an attacker to drop to the initramdisk shell (without decrypting the LUKS data).
> 
> The scripts are part of the Debian cryptsetup package (as an addition to upstream)
> or part of the dracut package (if dracut is used).

I decided to write down my thoughts on CVE-2016-4484 and published them
in a blog post:

https://blog.freesources.org/posts/2016/12/CVE-2016-4484/

Feel free to share your comments, criticism or opinion either in the blog
comments or here on the list.

Cheers,
 jonas



