Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for truecrypt by truecrypt_foundation
CVE-2008-3899 (GCVE-0-2008-3899)
Vulnerability from nvd – Published: 2008-09-03 14:00 – Updated: 2024-08-07 09:53
VLAI
EPSS
VEX
Summary
TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4203 | third-party-advisoryx_refsource_SREASON |
| http://www.ivizsecurity.com/preboot-patch.html | x_refsource_MISC |
| http://www.ivizsecurity.com/research/preboot/preb… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/495805/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-08-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4203",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4203",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4203",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4203"
},
{
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3899",
"datePublished": "2008-09-03T14:00:00.000Z",
"dateReserved": "2008-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1738 (GCVE-0-2007-1738)
Vulnerability from nvd – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
VLAI
EPSS
VEX
Summary
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2492 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/464722/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/464064/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/464472/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/23180 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24643 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1738",
"datePublished": "2007-03-28T22:00:00.000Z",
"dateReserved": "2007-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1589 (GCVE-0-2007-1589)
Vulnerability from nvd – Published: 2007-03-21 23:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/24627 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1103 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/23128 | vdb-entryx_refsource_BID |
| http://www.truecrypt.org/docs/?s=version-history | x_refsource_CONFIRM |
Date Public
2007-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-03-31T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23128"
},
{
"name": "http://www.truecrypt.org/docs/?s=version-history",
"refsource": "CONFIRM",
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1589",
"datePublished": "2007-03-21T23:00:00.000Z",
"dateReserved": "2007-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2183 (GCVE-0-2006-2183)
Vulnerability from nvd – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI
EPSS
VEX
Summary
Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.immunitysec.com/pipermail/dailydave/… | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/25131 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1591 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/19903 | third-party-advisoryx_refsource_SECUNIA |
| http://www.truecrypt.org/history.php | x_refsource_MISC |
Date Public
2006-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.truecrypt.org/history.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.truecrypt.org/history.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19903"
},
{
"name": "http://www.truecrypt.org/history.php",
"refsource": "MISC",
"url": "http://www.truecrypt.org/history.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2183",
"datePublished": "2006-05-04T10:00:00.000Z",
"dateReserved": "2006-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3899 (GCVE-0-2008-3899)
Vulnerability from cvelistv5 – Published: 2008-09-03 14:00 – Updated: 2024-08-07 09:53
VLAI
EPSS
VEX
Summary
TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4203 | third-party-advisoryx_refsource_SREASON |
| http://www.ivizsecurity.com/preboot-patch.html | x_refsource_MISC |
| http://www.ivizsecurity.com/research/preboot/preb… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/495805/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-08-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4203",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4203",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4203",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4203"
},
{
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3899",
"datePublished": "2008-09-03T14:00:00.000Z",
"dateReserved": "2008-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1738 (GCVE-0-2007-1738)
Vulnerability from cvelistv5 – Published: 2007-03-28 22:00 – Updated: 2024-08-07 13:06
VLAI
EPSS
VEX
Summary
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2492 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/464722/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/464064/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/464472/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/23180 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24643 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user\u0027s home directory, a different issue than CVE-2007-1589."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2492"
},
{
"name": "truecrypt-setuid-dos(33303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33303"
},
{
"name": "20070404 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464722/100/0/threaded"
},
{
"name": "20070328 Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464064/100/0/threaded"
},
{
"name": "20070401 Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464472/100/100/threaded"
},
{
"name": "23180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23180"
},
{
"name": "24643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1738",
"datePublished": "2007-03-28T22:00:00.000Z",
"dateReserved": "2007-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1589 (GCVE-0-2007-1589)
Vulnerability from cvelistv5 – Published: 2007-03-21 23:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/24627 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1103 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/23128 | vdb-entryx_refsource_BID |
| http://www.truecrypt.org/docs/?s=version-history | x_refsource_CONFIRM |
Date Public
2007-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-03-31T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24627"
},
{
"name": "ADV-2007-1103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1103"
},
{
"name": "23128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23128"
},
{
"name": "http://www.truecrypt.org/docs/?s=version-history",
"refsource": "CONFIRM",
"url": "http://www.truecrypt.org/docs/?s=version-history"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1589",
"datePublished": "2007-03-21T23:00:00.000Z",
"dateReserved": "2007-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2183 (GCVE-0-2006-2183)
Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI
EPSS
VEX
Summary
Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.immunitysec.com/pipermail/dailydave/… | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/25131 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1591 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/19903 | third-party-advisoryx_refsource_SECUNIA |
| http://www.truecrypt.org/history.php | x_refsource_MISC |
Date Public
2006-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.truecrypt.org/history.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.truecrypt.org/history.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "truecrypt-execvp-gain-privileges(26191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26191"
},
{
"name": "[Dailydave] 20060430 Non disclosure from security vendors: Truecrypt exemple",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html"
},
{
"name": "25131",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25131"
},
{
"name": "ADV-2006-1591",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1591"
},
{
"name": "19903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19903"
},
{
"name": "http://www.truecrypt.org/history.php",
"refsource": "MISC",
"url": "http://www.truecrypt.org/history.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2183",
"datePublished": "2006-05-04T10:00:00.000Z",
"dateReserved": "2006-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}