{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2015-8370", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-06T08:13:32.834Z", "dateReserved": "2015-11-27T00:00:00", "datePublished": "2015-12-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-16T00:06:19.101867"}, "descriptions": [{"lang": "en", "value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"}, {"name": "openSUSE-SU-2015:2392", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"}, {"name": "openSUSE-SU-2016:0036", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"}, {"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"}, {"name": "79358", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/79358"}, {"name": "openSUSE-SU-2015:2375", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"}, {"name": "1034422", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1034422"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "SUSE-SU-2015:2387", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"}, {"name": "SUSE-SU-2015:2386", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"}, {"name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list"], "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"}, {"name": "SUSE-SU-2015:2385", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"}, {"name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2015/Dec/69"}, {"name": "GLSA-201512-03", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201512-03"}, {"name": "FEDORA-2015-cebe5133e7", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"}, {"name": "USN-2836-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2836-1"}, {"name": "FEDORA-2015-90c27b6e91", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"}, {"name": "RHSA-2015:2623", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"}, {"name": "SUSE-SU-2015:2399", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"}, {"name": "DSA-3421", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3421"}, {"name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2015-12-10T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.834Z"}, "title": "CVE Program Container", "references": [{"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2015:2392", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"}, {"name": "openSUSE-SU-2016:0036", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"}, {"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html", "tags": ["x_transferred"]}, {"name": "79358", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/79358"}, {"name": "openSUSE-SU-2015:2375", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"}, {"name": "1034422", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1034422"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2015:2387", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"}, {"name": "SUSE-SU-2015:2386", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"}, {"name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"}, {"name": "SUSE-SU-2015:2385", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"}, {"name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Dec/69"}, {"name": "GLSA-201512-03", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-03"}, {"name": "FEDORA-2015-cebe5133e7", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"}, {"name": "USN-2836-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2836-1"}, {"name": "FEDORA-2015-90c27b6e91", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"}, {"name": "RHSA-2015:2623", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"}, {"name": "SUSE-SU-2015:2399", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"}, {"name": "DSA-3421", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3421"}, {"name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*", "matchCriteriaId": "936B2F89-3A97-46A8-B776-CF605C192CA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*", "matchCriteriaId": "6FB62F6A-8B42-4186-99AF-2A07050EB19E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "D3AB3BF3-95F2-43C6-8445-4B749135BE8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "F3C7F246-9B64-49C4-B358-C5A62C3A2458", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "7AEB4A3C-A448-4C7D-8F08-57940E13BB6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."}, {"lang": "es", "value": "M\u00faltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versi\u00f3n 2.02 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la autenticaci\u00f3n, obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de disco) a trav\u00e9s del car\u00e1cter backspace en la funci\u00f3n (1) grub_username_get en grub-core/normal/auth.c o (2) grub_password_get en lib/crypto.c, lo que desencadena un error de memoria 'Off-by-two' o 'Out of bounds overwrite'."}], "id": "CVE-2015-8370", "lastModified": "2024-01-16T01:15:33.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-16T21:59:04.063", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2015/Dec/69"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3421"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/79358"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034422"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2836-1"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201512-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:2623", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "grub2-1:2.02-0.33.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-12-15T00:00:00Z"}], "bugzilla": {"description": "grub2: buffer overflow when checking password entered during bootup", "id": "1286966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-787", "details": ["Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.", "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system."], "name": "CVE-2015-8370", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "grub", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "grub", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grub2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2015-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8370\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8370\nhttp://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"], "threat_severity": "Moderate"}