CVE-2019-13179

Sažetak

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.

Reference

https://github.com/calamares/calamares/issues/1191
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095
https://bugzilla.redhat.com/show_bug.cgi?id=1726542
https://calamares.io/calamares-cve-2019/
https://calamares.io/calamares-3.2.11-is-out/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 03:03

Objavljeno

02-07-2019 - 23:15