Trusted Boot 'loader. c' Security Bypass Vulnerability
Release date:
Updated on:
Affected Systems:
Trusted Boot
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68960
CVE (CAN) ID: CVE-2014-5118
Trusted Boot is an open-source, pre-kernel/vmm module that uses Intel (R) TXT technology to start the OS kernel/VMM after measurement and identification.
The Trusted boot Loader module "tboot" does not detect all command line parameters, which allows attackers to forge measurement boot, bypass security restrictions, and perform unauthorized operations.
<* Source: James Blake
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Trusted Boot
------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://sourceforge.net/p/tboot/code/ci/0efdaf7c5348701484d24562e6e5323d85bb94d3/
Http://sourceforge.net/p/tboot/mailman/message/32655538/
Http://sourceforge.net/p/tboot/mailman/message/32659733/
This article permanently updates the link address: