keylime@6.6.0 vulnerabilities

keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the registrar code, which allows an attacker to effectively bypass the challenge-response protocol used to verify that an agent has indeed access to an AIK, which in indeed related to the EK. When receiving the wrong auth_tag back from the agent during activation, the registrar answers with an error message containing the expected correct auth_tag (an HMAC calculated within the registrar for checking), which the attacker then uses.

Upgrade keylime to version 7.5.0 or higher.

keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud

Affected versions of this package are vulnerable to Denial of Service (DoS) via SSL connections, which allows an attacker to exhaust all available connections.

Upgrade keylime to version 7.4.0 or higher.

keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud

Affected versions of this package are vulnerable to Mutable Attestation or Measurement Reporting Data due to attestation failure when the quote's signature does not validate. To exploit this vulnerability a non-privileged user would have to modify the keylime agent to create invalid quotes a could then use invalid measurement lists to hide the trust state of a system. The attacker would then have to trick the administrator into using the user's modified keylime agent.

Upgrade keylime to version 7.4.0 or higher.