Vulnerability Details CVE-2016-4484
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.6%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
- http://www.openwall.com/lists/oss-security/2016/11/14/13
- http://www.openwall.com/lists/oss-security/2016/11/15/1
- http://www.openwall.com/lists/oss-security/2016/11/15/4
- http://www.openwall.com/lists/oss-security/2016/11/16/6
- http://www.securityfocus.com/bid/94315
- https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb
- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
- http://www.openwall.com/lists/oss-security/2016/11/14/13
- http://www.openwall.com/lists/oss-security/2016/11/15/1
- http://www.openwall.com/lists/oss-security/2016/11/15/4
- http://www.openwall.com/lists/oss-security/2016/11/16/6
- http://www.securityfocus.com/bid/94315
- https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb
Products affected by CVE-2016-4484
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.0.7
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.1.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.1.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.1.2
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.1.3
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.2.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.3.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.3.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.4.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.4.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.4.2
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.4.3
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.5.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.5.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.2
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.3
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.4
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.5
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.6
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.7
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.6.8
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.2
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.3
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.4
-
cpe:2.3:a:cryptsetup_project:cryptsetup:1.7.5
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.1
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.2
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.3
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.4
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.5
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.0.6
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.1.0
-
cpe:2.3:a:cryptsetup_project:cryptsetup:2.1.7.3-2