The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TrueCrypt

vulnerability announce 20432

TrueCrypt: detecting hidden partition

Synthesis of the vulnerability

An attacker can detect hidden partitions of TrueCrypt.
Impacted products: Windows (platform) ~ not comprehensive, TrueCrypt, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 19/08/2016.
Identifiers: VIGILANCE-VUL-20432.

Description of the vulnerability

The TrueCrypt product can use hidden partitions.

However, an attacker can detect these partitions.

An attacker can therefore detect hidden partitions of TrueCrypt.

vulnerability alert 18671

Windows: code execution during application installation

Synthesis of the vulnerability

An attacker can invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.
Impacted products: 7-Zip, ZoneAlarm, FileZilla Server, GIMP, Chrome, Kaspersky AV, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, Opera, Panda AV, Panda Internet Security, PuTTY, OfficeScan, TrueCrypt, VLC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/01/2016.
Identifiers: sk110055, VIGILANCE-VUL-18671.

Description of the vulnerability

When a user installs a new application on Windows, he downloads the installation program (install.exe for example), and then runs it.

However, several installation programs load DLLs (for example graph.dll) from the current directory. So, if an attacker invites the victim to download a malicious graph.dll file before he runs install.exe from the Download directory, the code located in the DLL is run.

See also the bulletin VIGILANCE-VUL-19558 for other impacted products.

An attacker can therefore invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.

computer vulnerability note CVE-2015-7358 CVE-2015-7359

TrueCrypt: privilege escalation

Synthesis of the vulnerability

A local attacker can bypass restrictions of TrueCrypt, in order to escalate his privileges.
Impacted products: Windows (platform) ~ not comprehensive, TrueCrypt.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/09/2015.
Revision date: 25/09/2015.
Identifiers: CVE-2015-7358, CVE-2015-7359, VIGILANCE-VUL-17959.

Description of the vulnerability

The TrueCrypt product is a disk encryption tool for Windows. It is impacted by two vulnerabilities.

An error in the volume letter management allows an attacker to raise his privileges. [severity:2/4; CVE-2015-7358]

An attacker can impersonate a token, in order to escalate his privileges. [severity:2/4; CVE-2015-7359]

computer vulnerability CVE-2014-2884 CVE-2014-2885

TrueCrypt: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TrueCrypt.
Impacted products: TrueCrypt.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 11.
Creation date: 15/04/2014.
Identifiers: CVE-2014-2884, CVE-2014-2885, VIGILANCE-VUL-14595.

Description of the vulnerability

Several vulnerabilities were announced in TrueCrypt.

An attacker can perform a brute force on an encrypted volume, with a PBKDF2 header, in order to decrypt it. [severity:1/4]

When the system is low in physical memory, an attacker can read pages (swap) on the disk, in order to obtain sensitive information. [severity:1/4]

An attacker can generate an integer overflow in the Bootloader Decompressor, in order to trigger a denial of service, and possibly to execute code. [severity:2/4]

The code uses memset() to delete data, but the call may be optimized away by the compiler. An attacker can then obtain sensitive information. [severity:1/4]

An attacker can use TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG, in order to obtain a pointer address to bypass ASLR. [severity:1/4; CVE-2014-2884]

An attacker can generate an integer overflow in IOCTL_DISK_VERIFY, in order to trigger a denial of service, and possibly to execute code. [severity:2/4]

An attacker can use TC_IOCTL_OPEN_TEST, in order to obtain sensitive information. [severity:1/4]

An attacker can generate an integer overflow in MainThreadProc, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-2885]

An attacker can use "\\device\", in order to bypass a check in MountVolume(). [severity:1/4]

An attacker can use TC_IOCTL_BOOT_ENCRYPTION_SETUP or TC_IOCTL_START_DECOY_SYSTEM_WIPE, in order to trigger a denial of service. [severity:1/4]

When the system is low in physical memory, the EncryptDataUnits() function can write clear text data. An attacker can then obtain sensitive information. [severity:2/4]
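The memset() item in the list above, shown as an added example (not code from the bulletin or from TrueCrypt): a wipe that is a dead store next to one the compiler must keep. `toy_derive`, `tag_weak`, `tag_hardened` and `secure_wipe` are hypothetical names, and the key derivation is a constructed stand-in.

```c
#include <stdio.h>
#include <string.h>

/* Store zeros through a volatile pointer: each store is an observable
 * side effect, so the compiler may not discard it as a dead store. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Constructed stand-in for a key derivation; not TrueCrypt code. */
static void toy_derive(const char *pass, unsigned char *key, size_t len)
{
    size_t n = strlen(pass);
    for (size_t i = 0; i < len; i++)
        key[i] = (unsigned char)((n ? pass[i % n] : 0) ^ (0x5a + (int)i));
}

/* Weak form: key[] is never read after memset(), so an optimizing
 * compiler may drop the call and leave the key bytes on the stack. */
unsigned char tag_weak(const char *pass)
{
    unsigned char key[32], tag = 0;
    toy_derive(pass, key, sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        tag ^= key[i];
    memset(key, 0, sizeof key);          /* candidate for elimination */
    return tag;
}

/* Hardened form: same computation, wipe that cannot be elided. */
unsigned char tag_hardened(const char *pass)
{
    unsigned char key[32], tag = 0;
    toy_derive(pass, key, sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        tag ^= key[i];
    secure_wipe(key, sizeof key);
    return tag;
}

int main(void)
{
    printf("tags match: %d\n", tag_weak("constructed") == tag_hardened("constructed"));
    return 0;
}
```

Where the platform provides one, a dedicated primitive such as explicit_bzero() (glibc, BSD) or SecureZeroMemory() (Windows) serves the same purpose.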

computer vulnerability note 8279

TrueCrypt: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in TrueCrypt.
Impacted products: TrueCrypt.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 02/12/2008.
Identifiers: VIGILANCE-VUL-8279.

Description of the vulnerability

Several vulnerabilities or weaknesses were announced in TrueCrypt.

computer vulnerability CVE-2008-3895 CVE-2008-3896 CVE-2008-3897

GRUB, LILO, TrueCrypt: password disclosure

Synthesis of the vulnerability

A vulnerability of GRUB, LILO and TrueCrypt can be used by a local attacker to obtain the password entered when the system starts.
Impacted products: Windows (platform) ~ not comprehensive, TrueCrypt, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 27/08/2008.
Identifiers: CVE-2008-3895, CVE-2008-3896, CVE-2008-3897, CVE-2008-3898, CVE-2008-3899, CVE-2008-3900, CVE-2008-3901, IVIZ-08-001, IVIZ-08-002, IVIZ-08-003, IVIZ-08-004, IVIZ-08-005, IVIZ-08-006, IVIZ-08-007, IVIZ-08-008, IVIZ-08-009, VIGILANCE-VUL-8065.

Description of the vulnerability

When the computer starts, data entered on the keyboard are stored at the address 0x40:0x1e (named "BIOS Keyboard Buffer").

Software such as GRUB, LILO and TrueCrypt asks the user to enter a password on booting. This password is stored at the address 0x40:0x1e.

However, these programs do not erase the memory area after use. This memory address can be read by all users on Windows and by root on Unix.

A local attacker can therefore obtain the password that was entered when the user booted the computer.

vulnerability note 7954

TrueCrypt: detecting a DFS

Synthesis of the vulnerability

A local attacker can detect if a Deniable File System exists in the TrueCrypt partition.
Impacted products: TrueCrypt.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Creation date: 17/07/2008.
Identifiers: VIGILANCE-VUL-7954.

Description of the vulnerability

The TrueCrypt program encrypts the user's data. TrueCrypt can also create a DFS (Deniable File System) to hide files, by using a second passphrase.

However, when the DFS is mounted and the user opens a file with Word for example, the filename is stored in the history of opened files.

An attacker can thus detect whether a DFS exists and some of the files it contains.

computer vulnerability alert CVE-2007-1738

TrueCrypt: unchecked mount point

Synthesis of the vulnerability

Under Linux, a local attacker can mount a volume on a sensitive directory in order to generate a denial of service or to create a Trojan.
Impacted products: TrueCrypt.
Severity: 2/4.
Consequences: user access/rights, denial of service on server.
Provenance: user account.
Creation date: 29/03/2007.
Revision date: 05/04/2007.
Identifiers: BID-23180, CVE-2007-1738, VIGILANCE-VUL-6696.

Description of the vulnerability

On a Linux platform, TrueCrypt can be installed suid in order to permit each user to mount his own encrypted volume.

However, in this case, TrueCrypt does not check the mount point indicated by the user. A local attacker can for example mount his volume on:
 - /usr/bin
 - /home/user
 - etc.

A local attacker can therefore install a Trojan Horse or create a denial of service.

vulnerability bulletin 6663

TrueCrypt: umounting volume

Synthesis of the vulnerability

Under Linux, a local attacker can umount the volume mounted by another user.
Impacted products: TrueCrypt.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 20/03/2007.
Identifiers: BID-23128, VIGILANCE-VUL-6663.

Description of the vulnerability

On a Linux platform, TrueCrypt can be installed suid in order to permit each user to mount his own encrypted volume.

However, in this case, TrueCrypt does not check whether the user who umounts the volume is the same as the user who mounted it.

A local attacker can therefore generate a denial of service by umounting volumes of other users.
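The two missing checks described in VIGILANCE-VUL-6696 (mount point) and VIGILANCE-VUL-6663 (umount), as an added example of what a setuid mount helper would verify; this is not TrueCrypt's code or its actual fix. All function names and the in-memory `mounts` table are hypothetical, and `real_uid` is assumed to be the value of getuid() in the helper.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_MOUNTS 16
/* Hypothetical bookkeeping kept by the privileged helper. */
struct mount_rec { char path[256]; uid_t owner; int used; };
static struct mount_rec mounts[MAX_MOUNTS];

/* Accept a mount point only if it is a real directory (lstat: a symlink
 * is refused) owned by the invoking user, which excludes /usr/bin. */
int mount_point_allowed(const char *path, uid_t real_uid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == real_uid;
}

/* Record who mounted what; returns 0 on success, -1 if refused. */
int record_mount(const char *path, uid_t real_uid)
{
    if (strlen(path) >= sizeof mounts[0].path || !mount_point_allowed(path, real_uid))
        return -1;
    for (int i = 0; i < MAX_MOUNTS; i++) {
        if (mounts[i].used)
            continue;
        strcpy(mounts[i].path, path);
        mounts[i].owner = real_uid;
        mounts[i].used = 1;
        return 0;
    }
    return -1;
}

/* Only the user who mounted a volume may unmount it. */
int umount_allowed(const char *path, uid_t real_uid)
{
    for (int i = 0; i < MAX_MOUNTS; i++)
        if (mounts[i].used && strcmp(mounts[i].path, path) == 0)
            return mounts[i].owner == real_uid;
    return 0;
}

int main(void)
{
    printf("/usr/bin allowed: %d\n", mount_point_allowed("/usr/bin", getuid()));
    return 0;
}
```

A production helper would also have to close the gap between the check and the mount itself, for instance by holding the directory open across both steps.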