CLD-421 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2015-8370 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s) back-to-28

Basic Information:

Affected Package(s) grub
Deficiency Type SECURITY
Date Created 2018-06-01 13:48:17
Date Last Modified 2018-06-01 15:35:43

Version Specific Information:

Cucumber 1.0 i686fixed in grub-2.00-i686-3
Cucumber 1.0 x86_64fixed in grub-2.00-x86_64-3

Cucumber 1.1 i686 fixed in grub-2.00-i686-3
Cucumber 1.1 x86_64 fixed in grub-2.00-x86_64-3


=================================== Overview ===================================

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically
proximate attackers to bypass authentication, obtain sensitive information, or
cause a denial of service (disk corruption) via backspace characters in the (1)
grub_username_get function in grub-core/normal/auth.c or the (2)
grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or
"Out of bounds overwrite" memory error. 

================================ Initial Report ================================


================================= Our Analysis =================================

----- Affected Products -----
Grub as originally packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.

----- Scope and Impact of this Vulnerability -----
Allows for an escalation of privileges, information disclosure and/or denial of
service if Grub is configured to require a username and password.

----- Testing if you are Affected -----
First, configure Grub to require a username and password by adding the following
to /boot/grub/grub.cfg:

password user password
export superusers

Next to quickly check if your system is vulnerable, when the Grub ask you the
username, press the Backspace 28 times. If your machine reboots or you get a
rescue shell then your Grub is affected. 

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from,
rebuilting Grub AND THEN reinstalling the Grub modules.

The Grub modules can be reinstalled by running the command `grub-install` or by
copying them over to /boot/grub from /usr/lib{,64}/grub/.

================================= Our Solution =================================

We have applied the aforementioned patch, added a to the grub package
to copy the new modules over and rebuilt.