oss-security - Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Tue, 15 Dec 2015 12:49:55 +0100
From: Hector Marco-Gisbert <hecmargi@....es>
To: oss-security@...ts.openwall.com, bugtraq@...urityfocus.com,
        bugs@...uritytracker.com, fulldisclosure@...lists.org,
        full-disclosure@...ts.grok.org.uk
Subject: Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be 
exploited under certain circumstances, allowing local attackers to bypass any 
kind of authentication (plain or hashed passwords). And so, the attacker may 
take control of the computer.

More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

Regards,
Hector Marco & Ismael Ripoll.

-- 
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.