GRUB's authentication prompt can be bypassed by entering a sequence of backspace characters.
Package | sys-boot/grub on all architectures |
---|---|
Affected versions | < 2.02_beta2-r8 |
Unaffected versions | >= 2.02_beta2-r8 revision >= 0.97 |
GNU GRUB is a multiboot boot loader used by most Linux systems.
An integer underflow in GRUB’s username/password authentication code has been discovered.
An attacker with access to the system console may bypass the username prompt by entering a sequence of backspace characters. This allows them, for example, to gain full access to GRUB’s console or to load a customized kernel.
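
The bug class described above, as an added illustration (simplified code written for this page, not GRUB's source): a prompt line editor whose unsigned length counter is decremented on backspace without a zero check, next to the bounds-checked form. The names `read_line`, `index_in_bounds`, `BUF_SIZE` and the key strings are assumptions constructed for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* constructed size for this illustration */

/* Feed the key sequence `keys` to a prompt-style line editor and return the
 * final length counter. checked == 0: backspace always decrements (flawed).
 * checked != 0: backspace at position 0 is ignored (hardened).
 * Bytes are stored only while the index is in range, so the demonstration
 * shows the wrapped counter without corrupting memory itself. */
static unsigned read_line(const char *keys, char *buf, int checked)
{
    unsigned cur_len = 0; /* unsigned: 0 - 1 wraps to UINT_MAX */

    memset(buf, 0, BUF_SIZE);
    for (const char *k = keys; *k != '\0'; k++) {
        if (*k == '\b') {
            if (checked && cur_len == 0)
                continue; /* nothing to erase */
            cur_len--;    /* underflows on the flawed path when cur_len == 0 */
            if (cur_len < BUF_SIZE)
                buf[cur_len] = '\0';
            continue;
        }
        if (cur_len < BUF_SIZE - 1)
            buf[cur_len++] = *k;
    }
    return cur_len;
}

/* A counter is usable as a buffer index only if it is below BUF_SIZE. */
static int index_in_bounds(unsigned cur_len)
{
    return cur_len < BUF_SIZE;
}

int main(void)
{
    char buf[BUF_SIZE];
    const char *keys = "\b\broot"; /* constructed input: two backspaces first */
    unsigned flawed = read_line(keys, buf, 0);
    printf("flawed:   cur_len=%u in_bounds=%d\n", flawed, index_in_bounds(flawed));
    unsigned fixed = read_line(keys, buf, 1);
    printf("hardened: cur_len=%u in_bounds=%d buf=\"%s\"\n",
           fixed, index_in_bounds(fixed), buf);
    return 0;
}
```

In the flawed path the counter ends far outside the buffer after two backspaces, which is why code that later uses it as an index or length without revalidation is unsafe. The hardened path leaves the counter at 4 with `root` stored.
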
There is no known workaround at this time.
All GRUB 2.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"
After upgrading, make sure to run the grub2-install command with options appropriate for your system. See the GRUB2 Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed.
Release date | December 19, 2015 |
---|---|
Latest revision | December 19, 2015: 1 |
Severity | normal |
Exploitable | local |
Bugzilla entries