lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2015 12:49:55 +0100 From: Hector Marco-Gisbert <hecmargi@....es> To: oss-security@...ts.openwall.com, bugtraq@...urityfocus.com, bugs@...uritytracker.com, fulldisclosure@...lists.org, full-disclosure@...ts.grok.org.uk Subject: [FD] Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hi everyone, A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer. More details at: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html Regards, Hector Marco & Ismael Ripoll. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists