Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TrueCrypt.

– Impacted products: TrueCrypt
– Severity: 2/4
– Creation date: 15/04/2014

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in TrueCrypt.

An attacker can perform a brute force on an encrypted volume, with
a PBKDF2 header, in order to decrypt it. [severity:1/4]

When the system is low in physical memory, an attacker can read
pages (swap) on the disk, in order to obtain sensitive
information. [severity:1/4]

An attacker can generate an integer overflow in the Bootloader
Decompressor, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4]

The code uses memset() to delete data, but it may be optimized by
the compiler. An attacker can then obtain sensitive information.
[severity:1/4]

An attacker can use TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG, in
order to obtain a pointer address to bypass ALSR. [severity:1/4;
CVE-2014-2884]

An attacker can generate an integer overflow in IOCTL_DISK_VERIFY,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4]

An attacker can use TC_IOCTL_OPEN_TEST, in order to obtain
sensitive information. [severity:1/4]

An attacker can generate an integer overflow in MainThreadProc, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2014-2885]

An attacker can use "\device\", in order to bypass a check in
MountVolume(). [severity:1/4]

An attacker can use TC_IOCTL_BOOT_ENCRYPTION_SETUP or
TC_IOCTL_START_DECOY_SYSTEM_WIPE, in order to trigger a denial of
service. [severity:1/4]

When the system is low in physical memory, the EncryptDataUnits()
function can write clear text data. An attacker can then obtain
sensitive information. [severity:2/4]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/TrueCrypt-multiple-vulnerabilities-14595