[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Request: tboot failing to measure commandline parameters
From:       cve-assign () mitre ! org
Date:       2014-07-30 18:05:53
Message-ID: 20140730180553.84A2A6C025F () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The trusted boot loader module "tboot" did not measure all commandline parameters,
> which made it possible to pretend a measured boot while there was workaround
> possibility (breaking the measured boot chain).
> 
> All previous tboot versions < 1.8.2 are affected.
> 
> Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
> http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/
> http://sourceforge.net/p/tboot/mailman/message/32655538/
> http://sourceforge.net/p/tboot/mailman/message/32659733/

Use CVE-2014-5118.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT2TMTAAoJEKllVAevmvmsqIUIAJSv0E/CR8Qi9UOJ/DlI/uzk
9Ylv1vjg7upZDDXZxQKVEugNSgUfOFMIzYOrI896E9tPJlDQEYq9ZSA/Q8NAFco4
smjcW0+ggZRxZRssw0LHLUakmPL+Wr3R9yKppe87J+ceL6e4Levsa4xIg1EQ7y+2
chV61RYY4Fy9Mf2dRJzMYukInOmaQf+JGuRjwkLObG1iRTbzECNRheMk6Y36cRNb
N6tzbYoCZPf5aeWUOpZBHy+YhukHVIWxbBZyqfbESsrXg7NPMshJ6y7cz9d4Dlnf
d0yAhc+9lYsejr/QNNzC06yo5hPck9T1dnISo5mwXlA+580guRy3aDf57K5GO4k=
=xlz4
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]