Latest Keylime Vulnerabilities

CVE-2023-38201
Keylime: challenge-response protocol bypass during agent registration
pip/keylime<7.5.0
Keylime Keylime<7.5.0
Redhat Enterprise Linux=9.0
Redhat Enterprise Linux Eus=9.2
Redhat Enterprise Linux For Ibm Z Systems=9.0_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=9.2_s390x
and 5 more
CVE-2023-38200
Keylime: registrar is subject to a dos against ssl connections
redhat/keylime<7.5.0
Keylime Keylime
Redhat Enterprise Linux=9.0
Fedoraproject Fedora
=9.0
and 8 more
CVE-2023-3674
Keylime: attestation failure when the quote's signature does not validate
pip/keylime<7.2.5
Keylime Keylime<7.2.5
Fedoraproject Fedora=38
redhat/keylime<7.2.5
redhat/keylime<7.3.0
<7.2.5
and 1 more
CVE-2022-3500
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors ...
Keylime Keylime<6.5.1
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
Keylime Keylime<6.3.0
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
Keylime Keylime<6.3.0
CVE-2022-23952
In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.
Keylime Keylime<6.3.0
CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Keylime Keylime<6.3.0
CVE-2022-23948
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other ...
Keylime Keylime<6.3.0
CVE-2021-43310
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote c...
Keylime Keylime<6.3.0
CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows ...
Keylime Keylime<6.4.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2021-3406
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. ...
redhat/keylime<6.0.0
Keylime Keylime<=5.8.1
Fedoraproject Fedora=34

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203