Pre-boot Authentication Vulnerability in Grub Legacy by GNU
CVE-2008-3896

Currently unrated

Key Information:

Vendor: Gnu
Status: Grub Legacy
Vendor: CVE Published:; 3 September 2008

Summary

Grub Legacy versions 0.97 and earlier contain a vulnerability where pre-boot authentication passwords are improperly stored in the BIOS Keyboard buffer. This buffer is not cleared before and after usage, allowing local users to access sensitive authentication data by reading physical memory locations tied to the buffer. This security oversight can lead to unauthorized access and compromises overall system security.

References

http://www.securityfocus.com/archive/1/495726/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityreason.com/securityalert/4206

third-party-advisoryx_refsource_SREASON

http://www.ivizsecurity.com/preboot-patch.html

x_refsource_MISC

Timeline

Vulnerability published
Sep 3, 2008
Vulnerability Reserved
Sep 3, 2008