CVE-2016-4484
First published: Mon Jan 23 2017(Updated: )
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cryptsetup Project Cryptsetup | <=2.1.7.3-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
- http://www.openwall.com/lists/oss-security/2016/11/14/13
- http://www.openwall.com/lists/oss-security/2016/11/15/1
- http://www.openwall.com/lists/oss-security/2016/11/15/4
- http://www.openwall.com/lists/oss-security/2016/11/16/6
- http://www.securityfocus.com/bid/94315
- https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cryptsetup project
- canonical/cryptsetup project cryptsetup
- version/cryptsetup project cryptsetup/2.1.7.3-2