CVE-2015-7358
TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
El método IsDriveLetterAvailable en Driver/Ntdriver.c en TrueCrypt 7.0, Veracrypt en versiones anteriores a la 1.15 y CipherShed, cuando se ejecuta en Windows, no valida correctamente los enlaces simbólicos de las letras de las unidades de disco, lo que permite a los usuarios locales montar un volumen cifrado en una letra de unidad existente y obtener privilegios mediante una entrada en el directorio /GLOBAL??.
The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic link creation facilities to remap the main system drive. With the system drive remapped it's trivial to get a new process running under the local system account.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-24 CVE Reserved
- 2015-10-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html | Third Party Advisory |
|
| http://www.openwall.com/lists/oss-security/2015/09/22/7 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/09/24/3 | Issue Tracking |
|
| https://code.google.com/p/google-security-research/issues/detail?id=538 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38403 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://veracrypt.codeplex.com/wikipage?title=Release%20Notes | 2021-06-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ciphershed Search vendor "Ciphershed" | Ciphershed Search vendor "Ciphershed" for product "Ciphershed" | <= 0.7.5.0 Search vendor "Ciphershed" for product "Ciphershed" and version " <= 0.7.5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Idrix Search vendor "Idrix" | Veracrypt Search vendor "Idrix" for product "Veracrypt" | <= 1.14 Search vendor "Idrix" for product "Veracrypt" and version " <= 1.14" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Truecrypt Search vendor "Truecrypt" | Truecrypt Search vendor "Truecrypt" for product "Truecrypt" | 7.0 Search vendor "Truecrypt" for product "Truecrypt" and version "7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|