VULHUB ™

A vulnerability exists in the master boot record (MBR) installed by default with Debian GNU/Linux, versions 2.0 through 2.2 prereleases. By pressing the shift key during the initial portion of the boot sequence, before LILO has been invoked, the machine will display the string "1FA:" and wait for a keypress. Pressing F will result in the floppy being booted. This can allow someone with local access to bypass any bios or LILO boot passwords.

A vulnerability exists in the master boot record (MBR) installed by default with Debian GNU/Linux, versions 2.0 through 2.2 prereleases. By pressing the shift key during the initial portion of the boot sequence, before LILO has been invoked, the machine will display the string "1FA:" and wait for a keypress. Pressing F will result in the floppy being booted. This can allow someone with local access to bypass any bios or LILO boot passwords.