Red Hat Bugzilla – Bug 1286966
CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup
Last modified: 2015-12-16 02:14:57 EST
A buffer overflow flaw was found in the way grub2 checked the password entered by the user during bootup. A local attacker could use this flaw to circumvent the password check and, potentially, execute arbitrary code on the system.
Created attachment 1100986 [details]
Here's the fix.
Created grub2 tracking bugs for this issue:
Affects: fedora-all [bug 1290417]
This flaw has been presented at the CCN-CERT conference by the UPV security team:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2623 https://rhn.redhat.com/errata/RHSA-2015-2623.html
Detailed write-up from the original reporters.