CVE

CVE-2015-8370
Date: (C)2015-12-24   (M)2024-01-26


Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1034422
http://www.securityfocus.com/archive/1/537115/100/0/threaded
http://seclists.org/fulldisclosure/2015/Dec/69
BID-79358
DSA-3421
FEDORA-2015-90c27b6e91
FEDORA-2015-cebe5133e7
GLSA-201512-03
RHSA-2015:2623
SUSE-SU-2015:2385
SUSE-SU-2015:2386
SUSE-SU-2015:2387
SUSE-SU-2015:2399
USN-2836-1
http://www.openwall.com/lists/oss-security/2015/12/15/6
http://www.openwall.com/lists/oss-security/2024/01/15/3
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
openSUSE-SU-2015:2375
openSUSE-SU-2015:2392
openSUSE-SU-2016:0036

CWE    1
CWE-264
OVAL    9
oval:org.secpod.oval:def:602305
oval:org.secpod.oval:def:1501281
oval:org.secpod.oval:def:89045444
oval:org.secpod.oval:def:109947
...

© SecPod Technologies