oss-sec mailing list archives

Re: TrueCrypt audit report


From: cve-assign () mitre org
Date: Thu, 17 Apr 2014 14:59:44 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This report points out a number of issues that are certainly
worthwhile to fix (or, in some cases, "improve" rather than "fix")
within a product of this type. Not all of these issues would be
considered vulnerabilities in the classic sense. As far as we can tell,
the scope of the threat model or models was not explicitly defined
within the report document, and the report instead is described as
covering "issues that could lead to information disclosure, elevation
of privilege, or similar concerns." It's unclear why findings such as
the ability of an administrator to cause a BSOD are considered
"similar." Also, the report identifies some issues that are apparently
outside the intended security properties as described at:

  http://www.truecrypt.org/docs/security-model
  http://www.truecrypt.org/docs/physical-security
  http://www.truecrypt.org/docs/non-admin-users
  
In other cases, the report identifies behavior that is wrong, but does
not clarify whether there is a security impact or only a usability
impact. In addition, we are unaware of whether a vendor response
exists or is anticipated.

These are the three issues that, based on the information directly
contained in the report, would fall within the scope of CVE regardless
of the vendor response:

TC_IOCTL_OPEN_TEST and TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG: an attacker can

  -- Deduce the presence of files they do not have access to
  -- Deduce if said files are smaller than TC_MAX_VOLUME_SECTOR_SIZE
  -- Deduce if said files start with the string "TrueCrypt" or one of four magic markers

Use CVE-2014-2884.


integer overflow in the MainThreadProc function in
EncryptedIoQueue.c ... could result in information disclosure.

integer overflow in the ProcessVolumeDeviceControlIrp function in
Ntdriver.c ... can result in Denial of Service (starve the kernel of
memory)

Use CVE-2014-2885.


(i.e., three distinct issues but two CVE IDs)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTUCRUAAoJEKllVAevmvmssIgIALDlarnSEWz7t+TCc/sqj6bB
v13XUmfCEP2s++SI7WjsJQEq+NDMXFNbNrydSiCtiIA3qnx+iJImwsYXM2MwWFX6
1B7/JOcJW8ncU8/X3ikJ5vETtSViQO6FLjh+yjYMgCK/okQ4AXDero2K/VAfqD3M
/Ns1ZDW3Jt60wzM3tjIxJcckMVLjd7VibYT/otH5tupRM8ytFzgvKtYQ3E/6X/IR
el0bEaSFysOY7s5QzZfQ68Vbwr+4Vx2WpcrclsAviyGiQs+klotRYRQRdYQfLOSW
9WO6T1DLtVG/8VaaHcLzV5EWXfCH88LotLximAtKONTwHjX94OUe4b/S4p9npaE=
=INWV
-----END PGP SIGNATURE-----
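The first of the three issues above is an oracle: a kernel-mode IOCTL opens a caller-supplied path with the driver's own privileges and reports a different outcome for each condition, so a caller who cannot read the file still learns that it exists, that it is shorter than TC_MAX_VOLUME_SECTOR_SIZE, or that it starts with the volume marker. The following C program is an added illustration of that bug class and is not TrueCrypt's driver code. It models the filesystem and the caller's access rights with a constructed in-memory table, checks only the "TrueCrypt" marker (the report also mentions four other magic markers, which are not modelled), assumes a value of 4096 for TC_MAX_VOLUME_SECTOR_SIZE, and shows one possible mitigation (perform the access check in the caller's context and collapse every failure into a single result code); whether TrueCrypt's maintainers fixed it that way is not something this page states.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Name taken from the audit report; the value is an assumption for this model. */
#define TC_MAX_VOLUME_SECTOR_SIZE 4096

/* Constructed in-memory "filesystem" (sample data, not real files).
 * caller_may_read models the ACL an unprivileged IOCTL caller would hit
 * if the open were performed in the caller's own security context. */
typedef struct {
    const char *path;
    int         caller_may_read;
    size_t      size;
    const char *head;   /* first bytes of the file */
} fs_entry;

static const fs_entry FS[] = {
    { "C:\\Users\\alice\\vol.tc",  1, 8192, "TrueCrypt" },
    { "C:\\Users\\bob\\vol.tc",    0, 8192, "TrueCrypt" },
    { "C:\\Users\\bob\\notes.txt", 0,  120, "meeting "  },
    { "C:\\Users\\bob\\big.bin",   0, 8192, "\x7fELF"   },
};

enum open_test_result {
    OT_ERROR = 0,   /* uniform failure: tells the caller nothing */
    OT_NOT_FOUND,
    OT_TOO_SMALL,   /* exists, shorter than TC_MAX_VOLUME_SECTOR_SIZE */
    OT_NO_MAGIC,    /* exists, large enough, header is not a volume marker */
    OT_MAGIC        /* header begins with "TrueCrypt" */
};

static const fs_entry *lookup(const char *path) {
    for (size_t i = 0; i < sizeof FS / sizeof FS[0]; i++)
        if (strcmp(FS[i].path, path) == 0)
            return &FS[i];
    return NULL;
}

static int has_magic(const fs_entry *e) {
    return strncmp(e->head, "TrueCrypt", 9) == 0;
}

/* Vulnerable shape: the open succeeds with kernel privileges regardless of
 * the caller's rights, and each condition maps to its own result code. */
enum open_test_result open_test_leaky(const char *path) {
    const fs_entry *e = lookup(path);
    if (!e) return OT_NOT_FOUND;
    if (e->size < TC_MAX_VOLUME_SECTOR_SIZE) return OT_TOO_SMALL;
    return has_magic(e) ? OT_MAGIC : OT_NO_MAGIC;
}

/* Illustrative mitigation: enforce the caller's own access rights before
 * inspecting the file, and return the same code for "missing" and
 * "access denied" so the two cannot be told apart. Files the caller can
 * already read may still receive detailed results. */
enum open_test_result open_test_hardened(const char *path) {
    const fs_entry *e = lookup(path);
    if (!e || !e->caller_may_read) return OT_ERROR;
    if (e->size < TC_MAX_VOLUME_SECTOR_SIZE) return OT_TOO_SMALL;
    return has_magic(e) ? OT_MAGIC : OT_NO_MAGIC;
}

typedef enum open_test_result (*open_test_fn)(const char *);

/* How many distinct answers a caller obtains by probing the given paths.
 * More than one distinct answer for unreadable paths means the IOCTL is
 * usable as an information oracle. */
int distinct_answers(open_test_fn fn, const char *const *paths, size_t n) {
    int seen[OT_MAGIC + 1] = {0};
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        enum open_test_result r = fn(paths[i]);
        if (!seen[r]) { seen[r] = 1; count++; }
    }
    return count;
}

/* Paths an unprivileged user probes; none of them is readable by that user. */
static const char *const BOB_PROBES[] = {
    "C:\\Users\\bob\\vol.tc",
    "C:\\Users\\bob\\notes.txt",
    "C:\\Users\\bob\\big.bin",
    "C:\\Users\\bob\\missing.tc",
};
#define N_BOB_PROBES (sizeof BOB_PROBES / sizeof BOB_PROBES[0])

int main(void) {
    printf("leaky IOCTL:    %d distinguishable answers for unreadable paths\n",
           distinct_answers(open_test_leaky, BOB_PROBES, N_BOB_PROBES));
    printf("hardened IOCTL: %d distinguishable answer(s) for unreadable paths\n",
           distinct_answers(open_test_hardened, BOB_PROBES, N_BOB_PROBES));
    return 0;
}
```

Run against the constructed table, the leaky variant yields four different answers for files the probing user cannot read (present with marker, present and too small, present without marker, absent), which is exactly the three deductions listed in the message; the hardened variant yields one. The same collapse-to-one-error principle applies to any privileged service that opens paths on behalf of a less-privileged caller.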
