oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

From: Hector Marco-Gisbert <hecmargi () upv es>
Date: Tue, 15 Dec 2015 12:49:55 +0100
Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer. 


More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html


Regards,
Hector Marco & Ismael Ripoll.


--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)
Previous By Date Next
Previous By Thread Next

Current thread: