TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability

Bugtraq ID:	23180
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1738
Remote:	No
Local:	Yes
Published:	Mar 28 2007 12:00AM
Updated:	Nov 01 2007 05:06PM
Credit:	Tim Rees <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	TrueCrypt TrueCrypt 4.3 TrueCrypt TrueCrypt 4.2 TrueCrypt TrueCrypt 4.1 TrueCrypt TrueCrypt 4.0 TrueCrypt TrueCrypt 3.0
Not Vulnerable:

TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability

Truecrypt is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to attain superuser privileges, which can lead to a complete system compromise.

This issue affects Truecrypt 4.3; earlier versions may also be vulnerable.

TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability

The attacker uses the vulnerable application itself to exploit this issue.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploit is available:

• /data/vulnerabilities/exploits/raptor_truecrypt.tgz

TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability

References:

• TrueCrypt Homepage (TrueCrypt)
  
• Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) (Tim Rees)
  
• Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) (Marco Ivaldi )