In Keylime prior to 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
Hello list,
I have been reviewing the Keylime TPM remote attestation solution [1]
which resulted in a number of security related findings, including an
arbitrary remote code execution in the Keylime Agent component The
upstream project published security advisories, fixes and an update
strategy to Keylime version 63X today Please find the deta ...