94188 – Kernel: Cryptoloop Information Disclosure Vulnerability (CAN-2004-2135)

Bug 94188 - Kernel: Cryptoloop Information Disclosure Vulnerability (CAN-2004-2135)

Summary: Kernel: Cryptoloop Information Disclosure Vulnerability (CAN-2004-2135)

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Other

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.securityfocus.com/bid/13775
Whiteboard:	[linux <2.6.12]
Keywords:

Depends on:
Blocks:

Reported:	2005-05-27 08:00 UTC by Jean-François Brunette (RETIRED)
Modified:	2009-08-21 19:05 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-05-27 08:00:31 UTC

Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes.

It should be noted that a successful attack would reveal the presence of a watermarked file but not the file contents. 

The following exploit is available:

# /data/vulnerabilities/exploits/cryptoloop-exploit.tar.bz2

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-06-18 03:12:07 UTC

Closing as upstream - this seems to be a bad implementation of AES for
cryptoloop in general rather than a specific issue relating to some code so
upstream will have to remove it/fix it.