[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE Request: tboot failing to measure commandline parameters
From: cve-assign () mitre ! org
Date: 2014-07-30 18:05:53
Message-ID: 20140730180553.84A2A6C025F () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The trusted boot loader module "tboot" did not measure all commandline parameters,
> which made it possible to pretend a measured boot while there was workaround
> possibility (breaking the measured boot chain).
>
> All previous tboot versions < 1.8.2 are affected.
>
> Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
> http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/
> http://sourceforge.net/p/tboot/mailman/message/32655538/
> http://sourceforge.net/p/tboot/mailman/message/32659733/
Use CVE-2014-5118.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJT2TMTAAoJEKllVAevmvmsqIUIAJSv0E/CR8Qi9UOJ/DlI/uzk
9Ylv1vjg7upZDDXZxQKVEugNSgUfOFMIzYOrI896E9tPJlDQEYq9ZSA/Q8NAFco4
smjcW0+ggZRxZRssw0LHLUakmPL+Wr3R9yKppe87J+ceL6e4Levsa4xIg1EQ7y+2
chV61RYY4Fy9Mf2dRJzMYukInOmaQf+JGuRjwkLObG1iRTbzECNRheMk6Y36cRNb
N6tzbYoCZPf5aeWUOpZBHy+YhukHVIWxbBZyqfbESsrXg7NPMshJ6y7cz9d4Dlnf
d0yAhc+9lYsejr/QNNzC06yo5hPck9T1dnISo5mwXlA+580guRy3aDf57K5GO4k=
=xlz4
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic