CVE - CVE-2015-8370

CVE-ID
CVE-2015-8370	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] URL:http://www.securityfocus.com/archive/1/archive/1/537115/100/0/threaded FULLDISC:20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] URL:http://seclists.org/fulldisclosure/2015/Dec/69 MLIST:[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] URL:http://www.openwall.com/lists/oss-security/2015/12/15/6 MISC:http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html MISC:http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html DEBIAN:DSA-3421 URL:http://www.debian.org/security/2015/dsa-3421 FEDORA:FEDORA-2015-cebe5133e7 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html FEDORA:FEDORA-2015-90c27b6e91 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html GENTOO:GLSA-201512-03 URL:https://security.gentoo.org/glsa/201512-03 REDHAT:RHSA-2015:2623 URL:http://rhn.redhat.com/errata/RHSA-2015-2623.html SUSE:SUSE-SU-2015:2385 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html SUSE:SUSE-SU-2015:2386 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html SUSE:SUSE-SU-2015:2387 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html SUSE:SUSE-SU-2015:2399 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html SUSE:openSUSE-SU-2015:2375 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html SUSE:openSUSE-SU-2015:2392 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html SUSE:openSUSE-SU-2016:0036 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html UBUNTU:USN-2836-1 URL:http://www.ubuntu.com/usn/USN-2836-1 BID:79358 URL:http://www.securityfocus.com/bid/79358 SECTRACK:1034422 URL:http://www.securitytracker.com/id/1034422
Assigning CNA
N/A
Date Entry Created
20151127	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20151127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org