Re: CVE Request -- Xen -- PyGrub

["Steven M. Christey" <coley () linus mitre org>]

On Fri, 25 Sep 2009, Jan Lieskovsky wrote:

>    Xen's PyGrub, when grub.conf was configured with password protection,
> did not check for the password at host boot time. An attacker, with physical
> access to the host, could use this flaw to change the OS booting configuration.

Use CVE-2009-3525, to be filled in later.

- Steve