Gentoo Linux Security Advisory 201512-3 - GRUB's authentication prompt can be bypassed by entering a sequence of backspace characters. Versions less than 2.02_beta2-r8 are affected.
1ff5ad32f2a1c3039456b0a40b56a4be947afe02181fab6899febdaba1c2669cSlackware Security Advisory - New grub packages are available for Slackware 14.1 and -current to fix a security issue.
83725abaa7311856eae58ea3aa43594cf6d9d290076e54a04c4289a9b9b15519Debian Linux Security Advisory 3421-1 - Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password.
f4156217b5ae9a185551968893e74ac46477b0a78d1291d5790c57d0344da25dUbuntu Security Notice 2836-1 - Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection.
050234264d83d3de1194c373fe3ddb557f00deab498633257f5fa170c8809fb8Red Hat Security Advisory 2015-2623-01 - The grub2 packages provide version 2 of the Grand Unified Bootloader, a highly configurable and customizable bootloader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. A flaw was found in the way the grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system.
8e513ad962a5579515fa94feef5b7b79b914a236728e2e466f4e3b28975c6563Grub2 versions 1.98 through 2.02 suffer from an authentication bypass vulnerability.
83bd7487636061aa2b0800d6365ebfbe91d7c0307ab06febcf641741b08068f4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed