[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

To: oss-security@xxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, fulldisclosure@xxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [FD] Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
From: Hector Marco-Gisbert <hecmargi@xxxxxx>
Date: Tue, 15 Dec 2015 12:49:55 +0100

Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98

(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can beexploited under certain circumstances, allowing local attackers to bypass anykind of authentication (plain or hashed passwords). And so, the attacker maytake control of the computer.



More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html


Regards,
Hector Marco & Ismael Ripoll.


--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] #BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook
Next by Date: [FD] libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)
Previous by thread: [FD] #BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook
Next by thread: [FD] libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)
Index(es):
- Date
- Thread