CVE-2008-3896

Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:grub_legacy:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.92:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.93:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.94:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.94-i386-pc:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.95:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.95-i386-pc:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.96:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.96-i386-pc:*:*:*:*:*:*:*
cpe:2.3:a:gnu:grub_legacy:0.97-i386-pc:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-09-03 14:12

Updated : 2024-02-04 17:33


NVD link : CVE-2008-3896

Mitre link : CVE-2008-3896

CVE.ORG link : CVE-2008-3896


JSON object : View

Products Affected

gnu

  • grub_legacy
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor