[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage
From: phcoder@xxxxxxxxx
Date: 25 Aug 2009 15:27:34 -0000

This problem is not a threat because root user is able to boot any kernel 
without going through boot sequence (kexec) and is able to recover disk 
encryption key by inspecting dmcrypt module in memory. If an OS allows user to 
read raw memory without being root it's a security hole in OS and not in GRUB

Prev by Date: Re: DoS vulnerability in Google Chrome
Next by Date: [security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)
Previous by thread: EesySec Personal Firewall Remote Buffer Overflow Exploit
Next by thread: [security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)
Index(es):
- Date
- Thread