CVE-2008-3896

Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
gnugrub_legacy
𝑥
≤ 0.97
gnugrub_legacy
0.92
gnugrub_legacy
0.93
gnugrub_legacy
0.94
gnugrub_legacy
0.94-i386-pc
gnugrub_legacy
0.95
gnugrub_legacy
0.95-i386-pc
gnugrub_legacy
0.96
gnugrub_legacy
0.96-i386-pc
gnugrub_legacy
0.97-i386-pc
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub
bullseye
unimportant
bookworm
unimportant
trixie
unimportant
sid
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grub
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4204
http://securityreason.com/securityalert/4206
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.securityfocus.com/archive/1/495726/100/0/threaded
http://securityreason.com/securityalert/4204
http://securityreason.com/securityalert/4206
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.securityfocus.com/archive/1/495726/100/0/threaded