oss-sec mailing list archives
Re: CVE Request: tboot failing to measure commandline parameters
From: cve-assign () mitre org
Date: Wed, 30 Jul 2014 14:05:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The trusted boot loader module "tboot" did not measure all commandline parameters, which made it possible to pretend a measured boot while there was workaround possibility (breaking the measured boot chain). All previous tboot versions < 1.8.2 are affected. Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/ http://sourceforge.net/p/tboot/mailman/message/32655538/ http://sourceforge.net/p/tboot/mailman/message/32659733/
Use CVE-2014-5118. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJT2TMTAAoJEKllVAevmvmsqIUIAJSv0E/CR8Qi9UOJ/DlI/uzk 9Ylv1vjg7upZDDXZxQKVEugNSgUfOFMIzYOrI896E9tPJlDQEYq9ZSA/Q8NAFco4 smjcW0+ggZRxZRssw0LHLUakmPL+Wr3R9yKppe87J+ceL6e4Levsa4xIg1EQ7y+2 chV61RYY4Fy9Mf2dRJzMYukInOmaQf+JGuRjwkLObG1iRTbzECNRheMk6Y36cRNb N6tzbYoCZPf5aeWUOpZBHy+YhukHVIWxbBZyqfbESsrXg7NPMshJ6y7cz9d4Dlnf d0yAhc+9lYsejr/QNNzC06yo5hPck9T1dnISo5mwXlA+580guRy3aDf57K5GO4k= =xlz4 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: tboot failing to measure commandline parameters Marcus Meissner (Jul 29)
- Re: CVE Request: tboot failing to measure commandline parameters cve-assign (Jul 30)