CVE-2008-3896 (retired)

Priority
Description
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in
the BIOS Keyboard buffer and does not clear this buffer before and after
use, which allows local users to obtain sensitive information by reading
the physical memory locations associated with this buffer.
Notes
jdstrandrequires root access to the machine, which gives access to do
anything anyway (unless restricting root access via SELinux, which Ubuntu
does not)
mdeslaurlet's ignore this
Package
Source: grub (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:11:59 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)