Friday, December 18, 2015

GRUB2 leaves any GNU/Linux vulnerable

A vulnerability (CVE-2015-8370) has been found that affects GRUB2 versions from 1.98 (December 2009) to 2.02 (December 2015).

Under certain circumstances, this vulnerability can be exploited to let an attacker take control of a computer, even if the passwords are hashed.

The attacker can bypass any type of authentication just by pressing the Backspace key 28 times!



How to patch this vulnerability:
$ git clone git://git.savannah.gnu.org/grub.git grub.git
$ cd grub.git
$ wget http://hmarco.org/bugs/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
$ git apply 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch

Run these commands and the vulnerability will be gone.

Source: http://adf.ly/1Tf6JY
