Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0170
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0170)
Zusammenfassung:	The remote host is missing an update for the 'tpm2-tools' package(s) announced via the MGASA-2024-0170 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'tpm2-tools' package(s) announced via the MGASA-2024-0170 advisory. Vulnerability Insight: A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection which is passed with the --pcr parameter is not compared with the attest. So it is possible to fake a valid attestation (CVE-2024-29039). A vulnerability classified as problematic was found in tpm2-tools. This vulnerability affects an unknown code of the file tools/misc/tpm2_checkquote.c of the component pcr Selection Value Handler. The manipulation with an unknown input leads to a comparison vulnerability. The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Affected Software/OS: 'tpm2-tools' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-29038 Common Vulnerability Exposure (CVE) ID: CVE-2024-29039
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.