truecrypt
- Author: voroskoi
- Vulnerable: 4.2a-7terminus1
- Unaffected: 4.3-1terminus1
A security issue has been reported in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The problem is that users are able to dismount volumes mounted by other users when the set-euid mode in Linux is used. Tim Rees has discovered a security issue in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The security issue is caused if the “truecrypt” binary is installed setuid root. This can be exploited to cause a DoS or gain escalated privileges by e.g. mounting a malicious TrueCrypt disk into /usr/bin or another user’s home directory. Successful exploitation requires that TrueCrypt is installed setuid root (not default setting).
- Bug Tracker URL: http://bugs.frugalware.org/task/1879