Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ glsa 201512-03 ] grub
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2226

PostPosted: Sat Dec 19, 2015 3:26 pm    Post subject: [ glsa 201512-03 ] grub Reply with quote

Gentoo Linux Security Advisory

Title: GRUB: Authentication bypass (GLSA 201512-03)
Severity: normal
Exploitable: local
Date: December 19, 2015
Bug(s): #568326
ID: 201512-03

Synopsis

GRUB's authentication prompt can be bypassed by entering a sequence
of backspace characters.

Background

GNU GRUB is a multiboot boot loader used by most Linux systems.

Affected Packages

Package: sys-boot/grub
Vulnerable: < 2.02_beta2-r8
Unaffected: >= 2.02_beta2-r8
Unaffected: >= 0.97 < 0.98
Architectures: All supported architectures


Description

An integer underflow in GRUB’s username/password authentication code
has been discovered.


Impact

An attacker with access to the system console may bypass the username
prompt by entering a sequence of backspace characters, allowing them e.g.
to get full access to GRUB’s console or to load a customized kernel.


Workaround

There is no known workaround at this time.

Resolution

All GRUB 2.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"
After upgrading, make sure to run the grub2-install command with options
appropriate for your system. See the GRUB2 Quick Start guide in the
references below for examples. Your system will be vulnerable until this
action is performed.

References

CVE-2015-8370

Start guide
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum