{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.ivizsecurity.com/preboot-patch.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"}, {"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"}, {"name": "4211", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4211"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ivizsecurity.com/preboot-patch.html", "refsource": "MISC", "url": "http://www.ivizsecurity.com/preboot-patch.html"}, {"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "refsource": "MISC", "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"}, {"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"}, {"name": "4211", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4211"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:53:00.419Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ivizsecurity.com/preboot-patch.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"}, {"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"}, {"name": "4211", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4211"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3895", "datePublished": "2008-09-03T14:00:00", "dateReserved": "2008-09-03T00:00:00", "dateUpdated": "2024-08-07T09:53:00.419Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lilo:lilo:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F668D7C-0032-4335-8E90-ABBE039F222B", "versionEndIncluding": "22.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:0:*:*:*:*:*:*:*", "matchCriteriaId": "3A759B97-3614-4D91-AA5A-192B995214AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:1:*:*:*:*:*:*:*", "matchCriteriaId": "B0DB4194-5F7D-4E67-A4B0-71EB61DE63E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:2:*:*:*:*:*:*:*", "matchCriteriaId": "0DFC9F61-5684-403C-8A29-7C0CDFE982D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:3:*:*:*:*:*:*:*", "matchCriteriaId": "CE80220E-C92E-4FC3-A0E3-F46253F831A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:4:*:*:*:*:*:*:*", "matchCriteriaId": "C5498FEB-E603-40AC-8960-083F951E4DA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:5:*:*:*:*:*:*:*", "matchCriteriaId": "69BF8ED4-2563-4073-A1A9-3D6518A9D0DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:6:*:*:*:*:*:*:*", "matchCriteriaId": "1C2AD4E4-5BDA-4772-91D3-706BB4188BFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:7:*:*:*:*:*:*:*", "matchCriteriaId": "9E094610-8DB1-4153-BB60-5FA7B78810E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:8:*:*:*:*:*:*:*", "matchCriteriaId": "D7AEEF68-3E9B-439E-9C77-EF81FE3FB369", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:9:*:*:*:*:*:*:*", "matchCriteriaId": "9E2A57A9-8B7F-4F39-8457-EA6296512630", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:10:*:*:*:*:*:*:*", "matchCriteriaId": "6C34DB8C-E0F4-4D41-968B-02E76CA9F6E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:11:*:*:*:*:*:*:*", "matchCriteriaId": "0BE0D9B3-D2F4-441F-AF96-9A4B300E7FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:12:*:*:*:*:*:*:*", "matchCriteriaId": "0249F716-CD23-4315-8472-FA5CDC55A6B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:13:*:*:*:*:*:*:*", "matchCriteriaId": "653AF65C-19A1-47E3-9762-FB315A8EB574", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:14:*:*:*:*:*:*:*", "matchCriteriaId": "614FBCB3-57B9-4B14-88A8-D7D261351359", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:15:*:*:*:*:*:*:*", "matchCriteriaId": "3786E2F9-BDDF-4924-8268-AB6F3BA1CE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:16:*:*:*:*:*:*:*", "matchCriteriaId": "A441F829-52BB-48D4-BC11-7C3E11CE5662", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:17:*:*:*:*:*:*:*", "matchCriteriaId": "CB9D00CC-5A47-43CD-8CDE-C8109B5A2E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:18:*:*:*:*:*:*:*", "matchCriteriaId": "FFAA278C-3A6F-4554-B1E9-E85ABCEF9719", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:19:*:*:*:*:*:*:*", "matchCriteriaId": "0334052B-C44C-4677-BA37-6D47328BC2E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:20:*:*:*:*:*:*:*", "matchCriteriaId": "065B8AC4-D7B2-4914-878A-D35690CFDFFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21:*:*:*:*:*:*:*", "matchCriteriaId": "81762624-E359-40A2-A7A5-BF553F13986C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21-3:*:*:*:*:*:*:*", "matchCriteriaId": "72AD3A9F-6859-48DB-A2CD-69EAE8078BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E90F1EE-EF43-4DB8-B855-6D6B354845F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D651820-9933-4E00-A2EE-79B20EAA35B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E4FF707-85B2-43C5-A32A-021B63071643", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.5:*:*:*:*:*:*:*", "matchCriteriaId": "32858EF2-7D65-4616-AEB0-649CE21A3C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0E07CEB-EDB4-4526-A9B9-2F439A9EE003", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.6:*:*:*:*:*:*:*", "matchCriteriaId": "6717E585-5867-4616-8AD1-FEE2F967F710", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD417548-7DD2-4058-AC32-4019F47B214D", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7:*:*:*:*:*:*:*", "matchCriteriaId": "600185BE-98B1-4FDD-867D-153E294ED512", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E276112-4BC2-41E8-8D99-0DD23E8A25C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "90A74403-8997-452A-8E86-AA241DB31405", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "0925CDFE-8E19-4FE8-A827-509317C55AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "58589FCF-4341-4603-BC6C-285871623297", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:21.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "2EBD00DE-9FDE-4D3F-81BD-0EE830E56645", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.0:*:*:*:*:*:*:*", "matchCriteriaId": "39867E3E-114A-438A-ACDE-1FF5BA753B1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AE61766-C031-4377-8F60-31C15C2F6FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B93AB79-64DD-4C70-8BBA-008A66BB20F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "C54D0A0E-58F8-4297-B8F6-71FDBCD6A59F", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "420D2A52-5D89-444F-9272-D5C89512EA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3A588-9BB0-4197-AADB-F4DAB0CDE2F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A221483-98AA-4B00-A14B-800A8DD8FEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E54CC40-470C-4335-811B-37E3F1ED1B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3FF2B95-5600-49F7-8B6D-C6B004FDC019", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "118C46C5-217C-4FD3-AAA0-D03DBD76A117", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.4:*:*:*:*:*:*:*", "matchCriteriaId": "D876584E-679C-41BD-9548-24355C038052", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE6D55AC-2199-4C7A-8243-8B821AC1B813", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FE8E132-6A89-4FC2-86AF-FDD0F821B586", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3438F124-0922-4F06-82DF-AB8539FDAEA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6F3632F-7137-422E-83B9-4243CDCFCC81", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "18A1A4BC-DB70-4C64-ABE9-7EBE0D406FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "25F01A0E-1BAD-4D98-84A5-2772C7378920", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C562FF23-D427-49DF-A31A-999A09448179", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "9CC59192-A61E-4C8D-ADCB-805D0CB5AC06", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FA83594-FCEC-4AC1-B92D-B2EADBCC65C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "740D2625-6A11-4241-842B-F7AABEBC50B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C8511C9-7A2E-4739-9030-4932264D56AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "9091D254-7D2F-46EA-9BCC-14E4CEFD98FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "FEE1A651-537F-491C-BEA8-D5CE8C262E53", "vulnerable": true}, {"criteria": "cpe:2.3:a:lilo:lilo:22.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C636C4B-064C-4FBF-8C10-F05B35AA1DB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."}, {"lang": "es", "value": "LILO 22.6.1 y versiones anteriores almacena contrase\u00f1as de autenticaci\u00f3n de pre-arranque en el b\u00fafer BIOS Keyboard y no limpia este b\u00fafer antes y despu\u00e9s del uso, lo cual permite a usuarios locales obtener informaci\u00f3n sensible leyendo localizaciones de memoria f\u00edsica asociadas con este b\u00fafer."}], "id": "CVE-2008-3895", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-03T14:12:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4211"}, {"source": "cve@mitre.org", "url": "http://www.ivizsecurity.com/preboot-patch.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ivizsecurity.com/preboot-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this to be a security issue. Since these operations can only be executed by root, no trust boundary is crossed as a result of this behaviour.", "lastModified": "2009-01-29T01:54:44.627", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}