CVE-2008-3896 — Sensitive Information Exposure in Grub Legacy

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub Legacy Debian Grub

Timeline

PublishedSep 3

Latest updateMay 2

Description

Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDgnu/grub_legacy0.97+9

▶debiandebian/grub

🔴Vulnerability Details

GHSA

GHSA-xf73-4hr6-xcqc: Grub Legacy 0↗2022-05-02

▶

OSV

CVE-2008-3896: Grub Legacy 0↗2008-09-03

▶

💥Exploits & PoCs

Nuclei

AppServ Open Project <=2.5.10 - Cross-Site Scripting

▶

📋Vendor Advisories

Debian

CVE-2008-3896: grub - Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIO...↗2008

▶

Red Hat

CVE-2008-3896: Grub Legacy 0↗

▶