USN-868-1: GRUB 2 vulnerability
Publication date
9 December 2009
Overview
GRUB 2 vulnerability
Releases
Packages
- grub2
Details
It was discovered that GRUB 2 did not properly validate passwords. An
attacker with physical access could conduct a brute force attack and bypass
authentication by submitting a 1 character password.
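The following added example is not code from GRUB 2 or from this advisory. It assumes the flaw is a comparison bounded by the number of characters typed, which the advisory does not state, and shows that check beside a full-length one. All function names and the sample password are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Flawed check (assumed mechanism): only the typed bytes are compared,
   so any prefix of the stored password is accepted. */
int check_prefix_only(const char *typed, const char *stored)
{
    return strncmp(typed, stored, strlen(typed)) == 0;
}

/* Hardened check: lengths must match, and the loop walks the whole stored
   password instead of stopping at the first mismatch. */
int check_full(const char *typed, const char *stored)
{
    size_t tlen = strlen(typed), slen = strlen(stored);
    unsigned char diff = (unsigned char)(tlen != slen);
    for (size_t i = 0; i < slen; i++) {
        unsigned char t = i < tlen ? (unsigned char)typed[i] : 0;
        diff |= (unsigned char)(t ^ (unsigned char)stored[i]);
    }
    return diff == 0;
}

/* Regression helper: how many one-character printable ASCII inputs does a
   check accept? Any result above 0 means the effective search space has
   shrunk to at most 95 candidates. */
int accepted_one_char_inputs(int (*check)(const char *, const char *),
                             const char *stored)
{
    char input[2] = {0, 0};
    int accepted = 0;
    for (int c = 0x20; c <= 0x7e; c++) {
        input[0] = (char)c;
        accepted += check(input, stored) ? 1 : 0;
    }
    return accepted;
}

int main(void)
{
    const char *stored = "secret"; /* constructed sample password */
    printf("prefix-only check accepts %d one-character inputs\n",
           accepted_one_char_inputs(check_prefix_only, stored));
    printf("full check accepts %d one-character inputs\n",
           accepted_one_char_inputs(check_full, stored));
    return 0;
}
```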
Update instructions
In general, a standard system upgrade is sufficient to effect the necessary changes. Users who have upgraded from GRUB Legacy to GRUB 2 and did not run 'upgrade-from-grub-legacy' (i.e. those who are still using GRUB Legacy to chainload into GRUB 2) will have to run the following command (possibly adjusting 'hd0') to update GRUB 2's on-disk core image:

$ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"

The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version |
---|---|
9.10 karmic | grub2 – 1.97~beta4-1ubuntu4.1 |