CVE-2023-38201

Published: 25 August 2023

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Priority

Status

Package	Release	Status
keylime Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	xenial	Ignored (end of standard support)
	bionic	Ignored (end of standard support)
	focal	Does not exist
	jammy	Does not exist
	lunar	Does not exist
	upstream	Needs triage

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38201
https://access.redhat.com/security/cve/CVE-2023-38201
https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
https://bugzilla.redhat.com/show_bug.cgi?id=2222693
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›