Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015121...
MISC: http://hmarco.org/bugs...
FEDORA: FEDORA-2015-cebe5133e7
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 79358
FULLDISC: 20151216 Back to 28: G...
MISC: http://packetstormsecu...
DEBIAN: DSA-3421
FEDORA: FEDORA-2015-90c27b6e91
GENTOO: GLSA-201512-03
REDHAT: RHSA-2015:2623
SUSE: SUSE-SU-2015:2385
SUSE: SUSE-SU-2015:2386
SUSE: SUSE-SU-2015:2387
SUSE: SUSE-SU-2015:2399
SUSE: openSUSE-SU-2015:2375
SUSE: openSUSE-SU-2015:2392
SUSE: openSUSE-SU-2016:0036
UBUNTU: USN-2836-1
SECTRACK: 1034422
BUGTRAQ: 20151215 Back to 28: G...
MLIST: [oss-security] 2024011...

Launchpad.net

CVE 2015-8370

Related bugs

References