2015-12-19
ALT-BU-2015-2807-1
Branch c7 update bulletin.
Closed vulnerabilities
Published: 2015-12-17
BDU:2016-00001
Уязвимости загрузчика операционных систем Grub2, позволяющие нарушителю получить конфиденциальную информацию или вызвать отказ в обслуживании
References:
Published: 2015-12-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
References:
- http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
- http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
- FEDORA-2015-cebe5133e7
- FEDORA-2015-cebe5133e7
- FEDORA-2015-90c27b6e91
- FEDORA-2015-90c27b6e91
- openSUSE-SU-2015:2375
- openSUSE-SU-2015:2375
- SUSE-SU-2015:2385
- SUSE-SU-2015:2385
- SUSE-SU-2015:2386
- SUSE-SU-2015:2386
- SUSE-SU-2015:2387
- SUSE-SU-2015:2387
- openSUSE-SU-2015:2392
- openSUSE-SU-2015:2392
- SUSE-SU-2015:2399
- SUSE-SU-2015:2399
- openSUSE-SU-2016:0036
- openSUSE-SU-2016:0036
- http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
- http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
- RHSA-2015:2623
- RHSA-2015:2623
- 20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- 20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- DSA-3421
- DSA-3421
- [oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- [oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- [oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager
- [oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- 79358
- 79358
- 1034422
- 1034422
- USN-2836-1
- USN-2836-1
- GLSA-201512-03
- GLSA-201512-03