Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for truecrypt by truecrypt_foundation

    CVE-2008-3899 (GCVE-0-2008-3899)

    Vulnerability from nvd – Published: 2008-09-03 14:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4203"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/preboot-patch.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
              },
              {
                "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.  NOTE: the researcher mentions a response from the vendor denying the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4203"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/preboot-patch.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
            },
            {
              "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.  NOTE: the researcher mentions a response from the vendor denying the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4203",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4203"
                },
                {
                  "name": "http://www.ivizsecurity.com/preboot-patch.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/preboot-patch.html"
                },
                {
                  "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
                },
                {
                  "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3899",
        "datePublished": "2008-09-03T14:00:00.000Z",
        "dateReserved": "2008-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1738 (GCVE-0-2007-1738)

    Vulnerability from nvd – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/2492 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/464722/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464064/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464472/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/23180 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24643 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2492"
              },
              {
                "name": "truecrypt-setuid-dos(33303)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
              },
              {
                "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
              },
              {
                "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
              },
              {
                "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
              },
              {
                "name": "23180",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23180"
              },
              {
                "name": "24643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24643"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2492"
            },
            {
              "name": "truecrypt-setuid-dos(33303)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
            },
            {
              "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
            },
            {
              "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
            },
            {
              "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
            },
            {
              "name": "23180",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23180"
            },
            {
              "name": "24643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24643"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2492",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2492"
                },
                {
                  "name": "truecrypt-setuid-dos(33303)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
                },
                {
                  "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
                },
                {
                  "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
                },
                {
                  "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
                },
                {
                  "name": "23180",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23180"
                },
                {
                  "name": "24643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24643"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1738",
        "datePublished": "2007-03-28T22:00:00.000Z",
        "dateReserved": "2007-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1589 (GCVE-0-2007-1589)

    Vulnerability from nvd – Published: 2007-03-21 23:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24627 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1103 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23128 vdb-entryx_refsource_BID
    http://www.truecrypt.org/docs/?s=version-history x_refsource_CONFIRM
    Date Public
    2007-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24627"
              },
              {
                "name": "ADV-2007-1103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1103"
              },
              {
                "name": "23128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.truecrypt.org/docs/?s=version-history"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-03-31T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24627"
            },
            {
              "name": "ADV-2007-1103",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1103"
            },
            {
              "name": "23128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.truecrypt.org/docs/?s=version-history"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24627"
                },
                {
                  "name": "ADV-2007-1103",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1103"
                },
                {
                  "name": "23128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23128"
                },
                {
                  "name": "http://www.truecrypt.org/docs/?s=version-history",
                  "refsource": "CONFIRM",
                  "url": "http://www.truecrypt.org/docs/?s=version-history"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1589",
        "datePublished": "2007-03-21T23:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2183 (GCVE-0-2006-2183)

    Vulnerability from nvd – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
    VLAI
    Summary
    Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.immunitysec.com/pipermail/dailydave/… mailing-listx_refsource_MLIST
    http://www.osvdb.org/25131 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/1591 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/19903 third-party-advisoryx_refsource_SECUNIA
    http://www.truecrypt.org/history.php x_refsource_MISC
    Date Public
    2006-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:43:28.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "truecrypt-execvp-gain-privileges(26191)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
              },
              {
                "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
              },
              {
                "name": "25131",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25131"
              },
              {
                "name": "ADV-2006-1591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1591"
              },
              {
                "name": "19903",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19903"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.truecrypt.org/history.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "truecrypt-execvp-gain-privileges(26191)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
            },
            {
              "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
            },
            {
              "name": "25131",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25131"
            },
            {
              "name": "ADV-2006-1591",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1591"
            },
            {
              "name": "19903",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19903"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.truecrypt.org/history.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "truecrypt-execvp-gain-privileges(26191)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
                },
                {
                  "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
                  "refsource": "MLIST",
                  "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
                },
                {
                  "name": "25131",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25131"
                },
                {
                  "name": "ADV-2006-1591",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1591"
                },
                {
                  "name": "19903",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19903"
                },
                {
                  "name": "http://www.truecrypt.org/history.php",
                  "refsource": "MISC",
                  "url": "http://www.truecrypt.org/history.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2183",
        "datePublished": "2006-05-04T10:00:00.000Z",
        "dateReserved": "2006-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:43:28.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3899 (GCVE-0-2008-3899)

    Vulnerability from cvelistv5 – Published: 2008-09-03 14:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4203"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/preboot-patch.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
              },
              {
                "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.  NOTE: the researcher mentions a response from the vendor denying the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4203"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/preboot-patch.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
            },
            {
              "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.  NOTE: the researcher mentions a response from the vendor denying the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4203",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4203"
                },
                {
                  "name": "http://www.ivizsecurity.com/preboot-patch.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/preboot-patch.html"
                },
                {
                  "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
                },
                {
                  "name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3899",
        "datePublished": "2008-09-03T14:00:00.000Z",
        "dateReserved": "2008-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1738 (GCVE-0-2007-1738)

    Vulnerability from cvelistv5 – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/2492 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/464722/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464064/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464472/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/23180 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24643 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2492"
              },
              {
                "name": "truecrypt-setuid-dos(33303)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
              },
              {
                "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
              },
              {
                "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
              },
              {
                "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
              },
              {
                "name": "23180",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23180"
              },
              {
                "name": "24643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24643"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2492"
            },
            {
              "name": "truecrypt-setuid-dos(33303)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
            },
            {
              "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
            },
            {
              "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
            },
            {
              "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
            },
            {
              "name": "23180",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23180"
            },
            {
              "name": "24643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24643"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2492",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2492"
                },
                {
                  "name": "truecrypt-setuid-dos(33303)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
                },
                {
                  "name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
                },
                {
                  "name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
                },
                {
                  "name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
                },
                {
                  "name": "23180",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23180"
                },
                {
                  "name": "24643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24643"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1738",
        "datePublished": "2007-03-28T22:00:00.000Z",
        "dateReserved": "2007-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1589 (GCVE-0-2007-1589)

    Vulnerability from cvelistv5 – Published: 2007-03-21 23:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24627 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1103 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23128 vdb-entryx_refsource_BID
    http://www.truecrypt.org/docs/?s=version-history x_refsource_CONFIRM
    Date Public
    2007-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24627"
              },
              {
                "name": "ADV-2007-1103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1103"
              },
              {
                "name": "23128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.truecrypt.org/docs/?s=version-history"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-03-31T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24627"
            },
            {
              "name": "ADV-2007-1103",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1103"
            },
            {
              "name": "23128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.truecrypt.org/docs/?s=version-history"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24627"
                },
                {
                  "name": "ADV-2007-1103",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1103"
                },
                {
                  "name": "23128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23128"
                },
                {
                  "name": "http://www.truecrypt.org/docs/?s=version-history",
                  "refsource": "CONFIRM",
                  "url": "http://www.truecrypt.org/docs/?s=version-history"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1589",
        "datePublished": "2007-03-21T23:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2183 (GCVE-0-2006-2183)

    Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
    VLAI
    Summary
    Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.immunitysec.com/pipermail/dailydave/… mailing-listx_refsource_MLIST
    http://www.osvdb.org/25131 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/1591 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/19903 third-party-advisoryx_refsource_SECUNIA
    http://www.truecrypt.org/history.php x_refsource_MISC
    Date Public
    2006-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:43:28.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "truecrypt-execvp-gain-privileges(26191)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
              },
              {
                "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
              },
              {
                "name": "25131",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25131"
              },
              {
                "name": "ADV-2006-1591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1591"
              },
              {
                "name": "19903",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19903"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.truecrypt.org/history.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "truecrypt-execvp-gain-privileges(26191)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
            },
            {
              "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
            },
            {
              "name": "25131",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25131"
            },
            {
              "name": "ADV-2006-1591",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1591"
            },
            {
              "name": "19903",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19903"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.truecrypt.org/history.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "truecrypt-execvp-gain-privileges(26191)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
                },
                {
                  "name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
                  "refsource": "MLIST",
                  "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
                },
                {
                  "name": "25131",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25131"
                },
                {
                  "name": "ADV-2006-1591",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1591"
                },
                {
                  "name": "19903",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19903"
                },
                {
                  "name": "http://www.truecrypt.org/history.php",
                  "refsource": "MISC",
                  "url": "http://www.truecrypt.org/history.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2183",
        "datePublished": "2006-05-04T10:00:00.000Z",
        "dateReserved": "2006-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:43:28.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }