grub: High Security risk with default installation
Kuba Plichcinski
kuba at xpl.pl
Tue Mar 11 12:46:02 UTC 2008
Package: grub
Version: 0.97-29ubuntu4
Severity: critical
Tags: security
Justification: root security hole
Default grub installation doesn't require a password for grub.
Without a password anyone can boot with option:
init=/bin/sh
Then it's enough to:
mount -o remount,rw /
To get full access in 20 seconds from boot.
-- System Information:
Debian Release: lenny/sid
APT prefers gutsy-updates
APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, 'gutsy-backports'), (500, 'gutsy')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-14-generic (SMP w/2 CPU cores)
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Versions of packages grub depends on:
ii libc6 2.6.1-1ubuntu10 GNU C Library: Shared libraries
ii libncurses5 5.6+20070716-1ubuntu3 Shared libraries for terminal hand
ii volumeid 113-0ubuntu17 volume identification tool
grub recommends no packages.
-- no debconf information
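
A defender's check for the condition reported above, as an added example that is not part of the original message. It reports whether a GRUB legacy `menu.lst` sets a global `password` directive (optionally `--md5`) before the first `title`, ignoring commented-out lines. The function name, the sample file contents, and the `/boot/grub/menu.lst` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original report): report whether a GRUB legacy
# menu.lst sets a global password. Output: none | plaintext | md5

grub_password_state() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out examples do not count
        /^[ \t]*title([ \t]|$)/ { exit }     # global section ends at first entry
        /^[ \t]*password([ \t=]|$)/ {
            state = ($0 ~ /--md5/) ? "md5" : "plaintext"
        }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Constructed sample: the directive appears only inside comments, so a plain
# grep for "password" would wrongly report the menu as protected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default 0
timeout 3
# password topsecret
## password --md5 <hash>
title Linux (constructed entry)
root (hd0,0)
kernel /vmlinuz root=/dev/sda1 ro
EOF

echo "sample menu.lst: $(grub_password_state "$sample")"
rm -f "$sample"

# Audit the real file when it exists (path assumed for GRUB legacy installs).
if [ -r /boot/grub/menu.lst ]; then
    echo "/boot/grub/menu.lst: $(grub_password_state /boot/grub/menu.lst)"
fi
```

A result of `none` means the boot entries can be edited at the menu without a password; `plaintext` means a password is set but stored readable in the file.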