[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
jonas at freesources.org
Wed Dec 7 12:37:04 CET 2016
Am 15.11.2016 um 13:34 schrieb Milan Broz:
> just little bit clarification about CVE-2016-4484
> This bug is *NOT* cryptsetup/LUKS upstream bug, it is a minor problem in scripts
> unlocking an encrypted system.
> It allows attacker to drop to initramdisk shell (without decryption of LUKS data).
> The scripts are part of Debian cryptsetup package (as an addition to upstream)
> or part of dracut package (if dracut is used).
I decided to write down my thoughts on CVE-2016-4484 and published them
in a blog post:
Feel free to share your comments, criticism, opinion either in the blog
comments or here on the list.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 866 bytes
Desc: OpenPGP digital signature
More information about the dm-crypt