Title: Debian GNU/Linux MBR Vulnerability
Severity: LOW
Description:
A vulnerability exists in the master boot record (MBR) installed by default with Debian GNU/Linux, versions 2.0 through 2.2 prereleases. By pressing the shift key during the initial portion of the boot sequence, before LILO has been invoked, the machine will display the string "1FA:" and wait for a keypress. Pressing F will result in the floppy being booted. This can allow someone with local access to bypass any bios or LILO boot passwords.
Affected Products:
- Debian Linux 2.0.0
- Debian Linux 2.0.0r5
- Debian Linux 2.1.0
- Debian Linux 2.2.0
- Debian Linux 2.2.0pre potato
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
