CLD-421 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | grub |
Deficiency Type | SECURITY |
Date Created | 2018-06-01 13:48:17 |
Date Last Modified | 2018-06-01 15:35:43 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in grub-2.00-i686-3 |
Cucumber 1.0 x86_64 | fixed in grub-2.00-x86_64-3 |
Cucumber 1.1 i686 | fixed in grub-2.00-i686-3 |
Cucumber 1.1 x86_64 | fixed in grub-2.00-x86_64-3 |
Details:
=================================== Overview ===================================
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically
proximate attackers to bypass authentication, obtain sensitive information, or
cause a denial of service (disk corruption) via backspace characters in the (1)
grub_username_get function in grub-core/normal/auth.c or the (2)
grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or
"Out of bounds overwrite" memory error.
================================ Initial Report ================================
See http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
================================= Our Analysis =================================
----- Affected Products -----
Grub as originally packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.
----- Scope and Impact of this Vulnerability -----
Allows for an escalation of privileges, information disclosure and/or denial of
service if Grub is configured to require a username and password.
----- Testing if you are Affected -----
First, configure Grub to require a username and password by adding the following
to /boot/grub/grub.cfg:
superusers="user"
password user password
export superusers
Next, to quickly check whether your system is vulnerable, press Backspace 28
times when Grub asks for the username. If your machine reboots or you get a
rescue shell, then your Grub is affected.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2,
rebuilding Grub AND THEN reinstalling the Grub modules.
The Grub modules can be reinstalled by running the command `grub-install` or by
copying them over to /boot/grub from /usr/lib{,64}/grub/.
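The following is an added example, not part of the original advisory or of the
grub package: a check that the modules Grub loads at boot are the rebuilt ones.
The function name, its output format and the i386-pc platform subdirectory in
the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: compare the GRUB modules in the boot directory against the
# freshly packaged ones, to confirm the rebuilt modules were actually
# reinstalled.
#
# Assumed usage on a BIOS install (the platform subdirectory is an assumption):
#   sh check-grub-modules.sh /usr/lib64/grub/i386-pc /boot/grub/i386-pc

# stale_grub_modules PKG_DIR BOOT_DIR
# Prints one line per module in BOOT_DIR that differs from, or has no
# counterpart in, PKG_DIR.
# Returns 0 if every installed module matches the packaged copy,
#         1 if any module is stale or cannot be verified,
#         2 if a directory is missing or BOOT_DIR holds no modules.
stale_grub_modules() {
    pkg_dir=$1
    boot_dir=$2
    status=0
    found=0

    [ -d "$pkg_dir" ] && [ -d "$boot_dir" ] || return 2

    for mod in "$boot_dir"/*.mod; do
        [ -f "$mod" ] || continue      # glob matched nothing
        found=1
        name=${mod##*/}
        if [ ! -f "$pkg_dir/$name" ]; then
            # Installed module with no packaged counterpart: cannot verify it.
            echo "ORPHAN $name"
            status=1
        elif ! cmp -s "$mod" "$pkg_dir/$name"; then
            # Byte-for-byte mismatch: the old module is still in place.
            echo "STALE $name"
            status=1
        fi
    done

    [ "$found" -eq 1 ] || return 2
    return "$status"
}

# Run the check when called with the two directories as arguments.
if [ "$#" -eq 2 ]; then
    stale_grub_modules "$1" "$2"
fi
```

Any STALE line means the package was upgraded but the boot directory still
holds the old modules, so the modules still need to be reinstalled.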
================================= Our Solution =================================
We have applied the aforementioned patch, added a doinst.sh to the grub package
to copy the new modules over and rebuilt.