oss-sec mailing list archives
Re: CVE Request -- Xen -- PyGrub
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 1 Oct 2009 13:09:58 -0400 (EDT)
On Fri, 25 Sep 2009, Jan Lieskovsky wrote:
Xen's PyGrub, when grub.conf was configured with password protection, did not check for the password at host boot time. An attacker, with physical access to the host, could use this flaw to change the OS booting configuration.
Use CVE-2009-3525, to be filled in later. - Steve
Current thread:
- Re: CVE Request -- Xen -- PyGrub Steven M. Christey (Oct 01)