[kernel-sec-discuss] r1525 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Oct 19 21:29:06 UTC 2009
Author: gilbert-guest
Date: 2009-10-19 21:29:06 +0000 (Mon, 19 Oct 2009)
New Revision: 1525
Added:
active/CVE-2008-3901
Log:
old untracked issue
Added: active/CVE-2008-3901
===================================================================
--- active/CVE-2008-3901 (rev 0)
+++ active/CVE-2008-3901 2009-10-19 21:29:06 UTC (rev 1525)
@@ -0,0 +1,16 @@
+Candidate: CVE-2008-3901
+Description:
+ Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot
+ authentication passwords in the BIOS Keyboard buffer and does not clear this buffer
+ after use, which allows local users to obtain sensitive information by reading the
+ physical memory locations associated with this buffer.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3901
+ http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
More information about the kernel-sec-discuss
mailing list