Vigil@nce - TrueCrypt: multiple vulnerabilities
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TrueCrypt.
Impacted products: TrueCrypt
Severity: 2/4
Creation date: 15/04/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TrueCrypt.
An attacker can perform a brute force on an encrypted volume, with a PBKDF2 header, in order to decrypt it. [severity:1/4]
When the system is low in physical memory, an attacker can read pages (swap) on the disk, in order to obtain sensitive information. [severity:1/4]
An attacker can generate an integer overflow in the Bootloader Decompressor, in order to trigger a denial of service, and possibly to execute code. [severity:2/4]
The code uses memset() to delete data, but it may be optimized by the compiler. An attacker can then obtain sensitive information. [severity:1/4]
An attacker can use TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG, in order to obtain a pointer address to bypass ALSR. [severity:1/4; CVE-2014-2884]
An attacker can generate an integer overflow in IOCTL_DISK_VERIFY, in order to trigger a denial of service, and possibly to execute code. [severity:2/4]
An attacker can use TC_IOCTL_OPEN_TEST, in order to obtain sensitive information. [severity:1/4]
An attacker can generate an integer overflow in MainThreadProc, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-2885]
An attacker can use "\\device\", in order to bypass a check in MountVolume(). [severity:1/4]
An attacker can use TC_IOCTL_BOOT_ENCRYPTION_SETUP or TC_IOCTL_START_DECOY_SYSTEM_WIPE, in order to trigger a denial of service. [severity:1/4]
When the system is low in physical memory, the EncryptDataUnits() function can write clear text data. An attacker can then obtain sensitive information. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
Tweeter