CVE-2008-3896

EUVD-2008-3882
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
gnugrub_legacy
𝑥
≤ 0.97
gnugrub_legacy
0.92
gnugrub_legacy
0.93
gnugrub_legacy
0.94
gnugrub_legacy
0.94-i386-pc
gnugrub_legacy
0.95
gnugrub_legacy
0.95-i386-pc
gnugrub_legacy
0.96
gnugrub_legacy
0.96-i386-pc
gnugrub_legacy
0.97-i386-pc
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grub
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4204
http://securityreason.com/securityalert/4206
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.securityfocus.com/archive/1/495726/100/0/threaded
http://securityreason.com/securityalert/4204
http://securityreason.com/securityalert/4206
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.securityfocus.com/archive/1/495726/100/0/threaded