CVE-2008-3895

Publication date 3 September 2008

Last updated 24 July 2024

Ubuntu priority

Description

LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
lilo	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

requires root access to the machine which gives access to do anything anyway (unless restricting root access via SELinux, which Ubuntu does not)

mdeslaur

let's ignore this

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3895