Dear Grub team,
This email is an attempt to follow the rules of responsible
disclosure by offering you to work on a patch to the vulnerability
we discovered, afecting Grub (I tested version 0.97 -lastest CVS-
specifically, but grub2 is most likely also vulnerable).
While during extensive
Dear Pierre Yves,
(Cher Pierre Yves, meme ;),
Thanks for the information, I'm forwarding your e-mail to the vendor-sec
mailing list (in CC) since other linux distros could be interested,
Thanks for relying the information, I really didn't know who to ping
since the main author's email is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
Thanks for the report. We're tracking this issue as VU#513547. Please
include this ID in the subject line of any emails regarding this
issue.
We'll investigate the issue and follow up as necessary.
Thank you,
Will Dormann
* [2008-07-29 18:15:36 +0530] Jonathan Brossard wrote:
Dear Pierre Yves,
(Cher Pierre Yves, meme ;),
Thanks for the information, I'm forwarding your e-mail to the vendor-sec
mailing list (in CC) since other linux distros could be interested,
Thanks for relying the information, I really
On Jul 29, 2008, at 5:45 AM, Jonathan Brossard wrote:
1) Plain text password disclosure.
Required privileges to perform this operation are OS dependant,
from unprivileged users under Windows (any), to root under most Unix.
2) A privileged attacker able to write to the MBR and knowing the
* [2008-07-29 10:01:45 -0700] Mike Hamburg wrote:
On Jul 29, 2008, at 5:45 AM, Jonathan Brossard wrote:
1) Plain text password disclosure.
Required privileges to perform this operation are OS dependant,
from unprivileged users under Windows (any), to root under most Unix.
2) A privileged
