The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2015/09/22/7 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/09/24/3 | Issue Tracking Mailing List Third Party Advisory |
https://code.google.com/p/google-security-research/issues/detail?id=538 | Third Party Advisory |
https://veracrypt.codeplex.com/wikipage?title=Release%20Notes | Release Notes Vendor Advisory |
https://www.exploit-db.com/exploits/38403/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
28 Jun 2021, 18:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:idrix:veracrypt:*:*:*:*:*:*:*:* |
Information
Published : 2017-10-03 01:29
Updated : 2024-02-04 19:29
NVD link : CVE-2015-7358
Mitre link : CVE-2015-7358
CVE.ORG link : CVE-2015-7358
JSON object : View
Products Affected
truecrypt
- truecrypt
microsoft
- windows
idrix
- veracrypt
ciphershed
- ciphershed
CWE
CWE-264
Permissions, Privileges, and Access Controls