Hi there,

On 15.11.2016 at 13:34, Milan Broz wrote:
> just a little bit of clarification about CVE-2016-4484
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
>
> This bug is *NOT* a cryptsetup/LUKS upstream bug, it is a minor problem in scripts
> unlocking an encrypted system.
>
> It allows an attacker to drop to an initramdisk shell (without decryption of LUKS data).
>
> The scripts are part of the Debian cryptsetup package (as an addition to upstream)
> or part of the dracut package (if dracut is used).

I decided to write down my thoughts on CVE-2016-4484 and published them in a
blog post: https://blog.freesources.org/posts/2016/12/CVE-2016-4484/

Feel free to share your comments, criticism, opinion either in the blog
comments or here on the list.

Cheers,
jonas
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt