[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Nov 15 14:32:54 CET 2016


Obviously it is not a bug in cryptsetup, but rather in dracut and some 
distributions' initrd scripts. What's really annoying about the CVE is 
the fact that it is mostly irrelevant. If I can get to the password 
entry of an initrd, I obviously have control over the boot process. If I 
do have control over the boot process, I have a splendid variety of 
options to do all the things described in the CVE.

I wonder why the authors of the CVE recommend freezing the system 
instead of adding auth to get a shell. It seems quite stupid to completely 
remove the ability to investigate problems.

-Sven

On 15.11.2016 at 13:34, Milan Broz wrote:
> Hi all,
>
> just a little bit of clarification about CVE-2016-4484
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
>
> This bug is *NOT* cryptsetup/LUKS upstream bug, it is a minor problem in scripts
> unlocking an encrypted system.
>
> It allows an attacker to drop to an initramdisk shell (without decryption of LUKS data).
>
> The scripts are part of Debian cryptsetup package (as an addition to upstream)
> or part of dracut package (if dracut is used).
>
> (The info about the problem was embargoed until the talk and only Debian maintainers
> were informed in advance.)
>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
