Skip to content
cyberexploits
localwindowstext

TrueCrypt 4.3 - 'setuid' Privilege Escalation

TrueCrypt 4.3 - 'setuid' Privilege Escalation

Published on 2007-04-04

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/windows/local/3664.txt7eac4c3a
raw
# $Id: raptor_truecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $

#

# raptor_truecrypt - setuid truecrypt privilege escalation

# Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>

#

# TrueCrypt 4.3, when installed setuid root, allows local users to cause a 

# denial of service (filesystem unavailability) or gain privileges by mounting 

# a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another

# user's home directory, a different issue than CVE-2007-1589 (CVE-2007-1738).

#

# WARNING: THIS IS A PROOF OF CONCEPT EXPLOIT TAKING ADVANTAGE OF NPTL THREAD

# LOCAL STORAGE DYNAMIC LINKING MODEL, DO NOT USE IT IF YOU DON'T KNOW HOW IT

# WORKS! YEAH, IT *DOES* REQUIRE SOME TWEAKINGS TO EXPLOIT NON-TLS PLATFORMS!

#

# Other possible attack vectors: /etc/cron.{d,hourly,daily,weekly,monthly}, at 

# (/var/spool/atjobs/), xinetd (/etc/xinetd.d), /etc/logrotate.d, and more...



http://www.0xdeadbeef.info/exploits/raptor_truecrypt.tgz

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3664.tgz



# milw0rm.com [2007-04-04]

View on GitHub