oss-sec mailing list archives

Re: CVE Request: tboot failing to measure commandline parameters


From: cve-assign () mitre org
Date: Wed, 30 Jul 2014 14:05:53 -0400 (EDT)


The trusted boot loader module "tboot" did not measure all commandline parameters,
which made it possible to pretend a measured boot while there was a workaround
possibility (breaking the measured boot chain).

All previous tboot versions < 1.8.2 are affected.

Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/
http://sourceforge.net/p/tboot/mailman/message/32655538/
http://sourceforge.net/p/tboot/mailman/message/32659733/

Use CVE-2014-5118.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
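
The measurement gap described in this message, as an added example that is not part of the original e-mail and is not tboot's code: a simplified TPM 1.2-style extend model showing that a verifier sees the same PCR value for two different command lines when only the image is measured. The function names, the digest layout and the sample data are assumptions constructed for illustration.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2-style extend: new PCR = SHA1(old PCR || digest)."""
    return sha1(pcr + digest)

def module_digest(cmdline: bytes, image: bytes, include_cmdline: bool) -> bytes:
    """Digest of one boot module. Layout is an assumption for illustration."""
    if include_cmdline:
        # Hash both parts separately so the boundary between them is unambiguous.
        return sha1(sha1(cmdline) + sha1(image))
    return sha1(image)  # flawed: arguments never reach the measurement

def measure_boot(modules, include_cmdline: bool) -> bytes:
    """Fold every (cmdline, image) pair into one PCR, in load order."""
    pcr = bytes(20)  # PCR starts as 20 zero bytes in this model
    for cmdline, image in modules:
        pcr = extend(pcr, module_digest(cmdline, image, include_cmdline))
    return pcr

def verifier_accepts(expected_pcr: bytes, modules, include_cmdline: bool) -> bool:
    """What a remote verifier or sealed-secret policy effectively checks."""
    return measure_boot(modules, include_cmdline) == expected_pcr

# Constructed sample data: same images, different kernel command line.
KERNEL = b"\x7fELF" + b"constructed kernel image"
INITRD = b"constructed initrd image"
BASELINE = [(b"root=/dev/sda1 ro", KERNEL), (b"", INITRD)]
CHANGED = [(b"root=/dev/sda1 ro extra_option=1", KERNEL), (b"", INITRD)]

if __name__ == "__main__":
    for label, flag in (("image only", False), ("image + cmdline", True)):
        golden = measure_boot(BASELINE, flag)
        print(f"{label:16} golden PCR {golden.hex()}")
        print(f"{'':16} changed cmdline accepted: "
              f"{verifier_accepts(golden, CHANGED, flag)}")
```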

