Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TrueCrypt加载Set-EUID本地权限提升漏洞
Vulnerability Description
TrueCrypt是一款开源的虚拟加密盘加密软件,不需要生成任何文件即可在硬盘上建立虚拟磁盘。 TrueCrypt的执行程序在实现上存在漏洞,本地攻击者可能利用此漏洞提升自己在系统中的权限。 在以set-uid root模式运行TrueCrypt的Linux系统上,如果运行了以下命令通过/usr/bin加载了基于文件的容器的话: tim# truecrypt -u myvolume.tc /usr/bin 就会导致系统二进制程序变得无法访问;或如果用户将自己的二进制程序拷贝到了文件容器,就会导致用恶意文件
CVSS Information
N/A
Vulnerability Type
N/A