CVE-2008-3896

Priority
Description
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in
the BIOS Keyboard buffer and does not clear this buffer before and after
use, which allows local users to obtain sensitive information by reading
the physical memory locations associated with this buffer.
Notes
 jdstrand> requires root access to the machine, which gives access to do
  anything anyway (unless restricting root access via SELinux, which Ubuntu
  does not)
 mdeslaur> let's ignore this
Package
Source: grub (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-01-14 21:46:08 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)