ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0170
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0170)
Resumen:	The remote host is missing an update for the 'tpm2-tools' package(s) announced via the MGASA-2024-0170 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tpm2-tools' package(s) announced via the MGASA-2024-0170 advisory. Vulnerability Insight: A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection which is passed with the --pcr parameter is not compared with the attest. So it is possible to fake a valid attestation (CVE-2024-29039). A vulnerability classified as problematic was found in tpm2-tools. This vulnerability affects an unknown code of the file tools/misc/tpm2_checkquote.c of the component pcr Selection Value Handler. The manipulation with an unknown input leads to a comparison vulnerability. The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Affected Software/OS: 'tpm2-tools' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-29038 Common Vulnerability Exposure (CVE) ID: CVE-2024-29039
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.