raptor_truecrypt

vendor:

TrueCrypt

by:

Marco Ivaldi

N/A

CVSS

N/A

setuid truecrypt privilege escalation

Unknown

CWE

Product Name: TrueCrypt

Affected Version From: TrueCrypt 4.3

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2007-1738

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

2007

TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589 (CVE-2007-1738).

Mitigation:

Unknown

Source

Exploit-DB raw data:

# $Id: raptor_truecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $
#
# raptor_truecrypt - setuid truecrypt privilege escalation
# Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# TrueCrypt 4.3, when installed setuid root, allows local users to cause a 
# denial of service (filesystem unavailability) or gain privileges by mounting 
# a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another
# user's home directory, a different issue than CVE-2007-1589 (CVE-2007-1738).
#
# WARNING: THIS IS A PROOF OF CONCEPT EXPLOIT TAKING ADVANTAGE OF NPTL THREAD
# LOCAL STORAGE DYNAMIC LINKING MODEL, DO NOT USE IT IF YOU DON'T KNOW HOW IT
# WORKS! YEAH, IT *DOES* REQUIRE SOME TWEAKINGS TO EXPLOIT NON-TLS PLATFORMS!
#
# Other possible attack vectors: /etc/cron.{d,hourly,daily,weekly,monthly}, at 
# (/var/spool/atjobs/), xinetd (/etc/xinetd.d), /etc/logrotate.d, and more...

http://www.0xdeadbeef.info/exploits/raptor_truecrypt.tgz
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3664.tgz

# milw0rm.com [2007-04-04]