Vigil@nce - TrueCrypt: multiple vulnerabilities
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TrueCrypt.
– Impacted products: TrueCrypt
– Severity: 2/4
– Creation date: 15/04/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TrueCrypt.
An attacker can perform a brute force on an encrypted volume, with
a PBKDF2 header, in order to decrypt it. [severity:1/4]
When the system is low in physical memory, an attacker can read
pages (swap) on the disk, in order to obtain sensitive
information. [severity:1/4]
An attacker can generate an integer overflow in the Bootloader
Decompressor, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4]
The code uses memset() to delete data, but it may be optimized by
the compiler. An attacker can then obtain sensitive information.
[severity:1/4]
An attacker can use TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG, in
order to obtain a pointer address to bypass ALSR. [severity:1/4;
CVE-2014-2884]
An attacker can generate an integer overflow in IOCTL_DISK_VERIFY,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4]
An attacker can use TC_IOCTL_OPEN_TEST, in order to obtain
sensitive information. [severity:1/4]
An attacker can generate an integer overflow in MainThreadProc, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2014-2885]
An attacker can use "\device\", in order to bypass a check in
MountVolume(). [severity:1/4]
An attacker can use TC_IOCTL_BOOT_ENCRYPTION_SETUP or
TC_IOCTL_START_DECOY_SYSTEM_WIPE, in order to trigger a denial of
service. [severity:1/4]
When the system is low in physical memory, the EncryptDataUnits()
function can write clear text data. An attacker can then obtain
sensitive information. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TrueCrypt-multiple-vulnerabilities-14595