Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Javier Martinez Canillas
Hello Vladimir, On 10/24/19 5:47 PM, Vladimir 'phcoder' Serbinenko wrote: > This has been committed years ago: > https://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/lib/crypto.c?id=451d80e52d851432e109771bb8febafca7a5f1f2 > Please contact whoever you got your GRUB from > Oh I see. Since

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Hector Marco
Hi Daniel, Sorry I didn't pay too much attention to this. Yes, it is unsigned but the underflow is still there. Maybe what you are missing is that this underflowed value (cur_len) is later used in grub_memset( buf + cur_len, 0, buf_size - cur_len); which results in a buffer overflow (not underflow

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Vladimir 'phcoder' Serbinenko
On Thu, 24 Oct 2019, 18:11 Daniel Kiper, wrote: > Hi Hector, > > On Thu, Oct 24, 2019 at 03:22:43PM +0100, Hector Marco wrote: > > Hello Daniel, > > > > Something went wrong in my last email, what I wanted to say is: > > > > The patch prevents that "cur_len" underflows. No negative values for > >

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread iripoll
Hi Daniel, We wrote a blog entry explaining the problem and how it can be exploited: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html The underflow (although it is unsigned) takes effect in the function grub_memset. The exploitation is extremely hard to do but possib

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Daniel Kiper
Hi Hector, On Thu, Oct 24, 2019 at 03:22:43PM +0100, Hector Marco wrote: > Hello Daniel, > > Something went wrong in my last email, what I wanted to say is: > > The patch prevents that "cur_len" underflows. No negative values for > "cur_len" so no way to underflow the "cur_len" variable and theref

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Hector Marco
Hello Daniel, Something went wrong in my last email, what I wanted to say is: The patch prevents that "cur_len" underflows. No negative values for "cur_len" so no way to underflow the "cur_len" variable and therefore no vulnerability. Hector. On 24/10/2019 15:13, Hector Marco wrote: > Hello Da

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Vladimir 'phcoder' Serbinenko
This has been committed years ago: https://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/lib/crypto.c?id=451d80e52d851432e109771bb8febafca7a5f1f2 Please contact whoever you got your GRUB from On Fri, Oct 18, 2019 at 2:39 PM Javier Martinez Canillas wrote: > > From: Hector Marco-Gisbert > >

Re: [PATCH] Fix security issue when reading username and password

2019-10-24 Thread Hector Marco
Hello Daniel, The patch prevents that "cur_len" underflows. No negative values for "cur_len" so way to underflow the "cur_len" variable and therefore I hope this helps, Hector. On 23/10/2019 11:14, Daniel Kiper wrote: > On Fri, Oct 18, 2019 at 02:39:01PM +0200, Javier Martinez Canillas wrote:

Re: [PATCH] Fix security issue when reading username and password

2019-10-23 Thread Daniel Kiper
On Fri, Oct 18, 2019 at 02:39:01PM +0200, Javier Martinez Canillas wrote: > From: Hector Marco-Gisbert > > This patch fixes two integer underflows at: > * grub-core/lib/crypto.c > * grub-core/normal/auth.c > > Resolves: CVE-2015-8370 > > Signed-off-by: Hector Marco-Gisbert > Signed-off-

[PATCH] Fix security issue when reading username and password

2019-10-18 Thread Javier Martinez Canillas
From: Hector Marco-Gisbert This patch fixes two integer underflows at: * grub-core/lib/crypto.c * grub-core/normal/auth.c Resolves: CVE-2015-8370 Signed-off-by: Hector Marco-Gisbert Signed-off-by: Ismael Ripoll-Ripoll Signed-off-by: Javier Martinez Canillas --- grub-core/lib/cryp