CVE-2015-8370 in Solarisinfo

Summary

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/27/2015

Disclosure

12/16/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
80555	Oracle Solaris Grub2 access control	264	Not defined	Official fix	CVE-2015-8370
79828	Grub2 Rescue Shell auth.c grub_username_get access control	264	Proof-of-Concept	Official fix	CVE-2015-8370

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!