certfr_avis - CERTFR-2015-AVI-420

CERTFR-2015-AVI-420

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Veracrypt. Elles permettent à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Veracrypt du 26 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003e\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7359"
    },
    {
      "name": "CVE-2015-7358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7358"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-420",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVeracrypt\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Veracrypt",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Veracrypt du 26 septembre 2015",
      "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
    }
  ]
}

CVE-2015-7358 (GCVE-0-2015-7358)

Vulnerability from cvelistv5 – Published: 2017-10-02 19:00 – Updated: 2024-08-06 07:43

Summary

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://veracrypt.codeplex.com/wikipage?title=Rel…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/38403/	exploitx_refsource_EXPLOIT-DB
	http://www.openwall.com/lists/oss-security/2015/09/24/3	mailing-listx_refsource_MLIST
	http://packetstormsecurity.com/files/133878/Truec…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2015/09/22/7	mailing-listx_refsource_MLIST
	https://code.google.com/p/google-security-researc…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
          },
          {
            "name": "38403",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38403/"
          },
          {
            "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html"
          },
          {
            "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://code.google.com/p/google-security-research/issues/detail?id=538"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-02T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
        },
        {
          "name": "38403",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38403/"
        },
        {
          "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html"
        },
        {
          "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://code.google.com/p/google-security-research/issues/detail?id=538"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes",
              "refsource": "CONFIRM",
              "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
            },
            {
              "name": "38403",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38403/"
            },
            {
              "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
            },
            {
              "name": "http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html"
            },
            {
              "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
            },
            {
              "name": "https://code.google.com/p/google-security-research/issues/detail?id=538",
              "refsource": "MISC",
              "url": "https://code.google.com/p/google-security-research/issues/detail?id=538"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7358",
    "datePublished": "2017-10-02T19:00:00",
    "dateReserved": "2015-09-24T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7359 (GCVE-0-2015-7359)

Vulnerability from cvelistv5 – Published: 2017-10-02 19:00 – Updated: 2024-08-06 07:43

Summary

The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://code.google.com/p/google-security-researc…	x_refsource_MISC
	https://veracrypt.codeplex.com/wikipage?title=Rel…	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/133877/Truec…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2015/09/24/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/09/22/7	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://code.google.com/p/google-security-research/issues/detail?id=537"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html"
          },
          {
            "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
          },
          {
            "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users\u0027 mounted encrypted volumes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-02T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://code.google.com/p/google-security-research/issues/detail?id=537"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html"
        },
        {
          "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
        },
        {
          "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users\u0027 mounted encrypted volumes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://code.google.com/p/google-security-research/issues/detail?id=537",
              "refsource": "MISC",
              "url": "https://code.google.com/p/google-security-research/issues/detail?id=537"
            },
            {
              "name": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes",
              "refsource": "CONFIRM",
              "url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes"
            },
            {
              "name": "http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html"
            },
            {
              "name": "[oss-security] 20150924 Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/09/24/3"
            },
            {
              "name": "[oss-security] 20150922 CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/09/22/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7359",
    "datePublished": "2017-10-02T19:00:00",
    "dateReserved": "2015-09-24T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2015-AVI-420

Solution

CVE-2015-7358 (GCVE-0-2015-7358)

CVE-2015-7359 (GCVE-0-2015-7359)

Tags

Sightings

Nomenclature