USN-868-1: GRUB 2 vulnerability


 
Posted: 12-08-2009

Referenced CVEs:
CVE-2009-4128


Description:
===========================================================
Ubuntu Security Notice USN-868-1          December 09, 2009
grub2 vulnerability
CVE-2009-4128
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  grub2                           1.97~beta4-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Users who have upgraded from GRUB Legacy to GRUB 2 and are still using
GRUB Legacy to chainload into GRUB 2 will have to run the following
command (possibly adjusting 'hd0') to update GRUB 2's on-disk core
image:

  $ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"

If you previously ran 'upgrade-from-grub-legacy', a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that GRUB 2 did not properly validate passwords. An
attacker with physical access could conduct a brute force attack and
bypass authentication by submitting a 1 character password.
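The validation flaw described under "Details follow", as an added example (not code from GRUB or from the advisory): a simplified C model that assumes the check compared only the characters submitted, beside a full-length comparison, with a regression check that counts accepted one-character inputs. All function names and the sample password are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 64   /* assumed upper bound on password length */

/* Flawed model: only the submitted portion is compared, so a
 * one-character input matching the first character is accepted. */
int check_password_flawed(const char *entered, const char *stored)
{
    size_t n = strlen(entered);
    if (n == 0)
        return 0;
    return strncmp(entered, stored, n) == 0;
}

/* Hardened model: both strings are zero-padded to PW_MAX and every
 * byte is compared, so length differences count as mismatches and
 * the loop does not stop at the first differing byte. */
int check_password_fixed(const char *entered, const char *stored)
{
    unsigned char a[PW_MAX] = {0}, b[PW_MAX] = {0};
    size_t la = strlen(entered), lb = strlen(stored);
    unsigned char diff = 0;

    if (la >= PW_MAX || lb >= PW_MAX)
        return 0;
    memcpy(a, entered, la);
    memcpy(b, stored, lb);
    for (size_t i = 0; i < PW_MAX; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Regression check: how many one-character printable inputs does a
 * given check accept? A correct check accepts none of them when the
 * stored password is longer than one character. */
int single_char_hits(int (*check)(const char *, const char *),
                     const char *stored)
{
    char guess[2] = {0, 0};
    int hits = 0;
    for (int c = 0x20; c < 0x7f; c++) {
        guess[0] = (char)c;
        hits += check(guess, stored);
    }
    return hits;
}

int main(void)
{
    const char *stored = "s3cret-constructed";  /* constructed sample */
    printf("flawed: %d, fixed: %d\n",
           single_char_hits(check_password_flawed, stored),
           single_char_hits(check_password_fixed, stored));
    return 0;
}
```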




