(Oracle Issues Fix for Oracle Linux) GNU GRUB Authentication Bug Lets Local Users Bypass Authentication and Gain Elevated Privileges
SecurityTracker Alert ID: 1034425
SecurityTracker URL: http://securitytracker.com/id/1034425
Date: Dec 15 2015
Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 1.98 - 2.02
A vulnerability was reported in GNU GRUB. A local user can obtain elevated privileges on the target system.
A local user can bypass authentication and gain full control of the target system.
The vulnerability resides in 'grub-core/lib/crypto.c' and 'grub-core/normal/auth.c'.
The original advisory is available at:
Hector Marco and Ismael Ripoll reported this vulnerability.
A local user can obtain full control of the target system.
Oracle has issued a fix.
The Oracle Linux advisory is available at:
Vendor URL: linux.oracle.com/errata/ELSA-2015-2623.html
Underlying OS: Linux (Oracle)
Underlying OS Comments: 7
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: [El-errata] ELSA-2015-2623 Moderate: Oracle Linux 7 grub2 security and bug fix update
Oracle Linux Security Advisory ELSA-2015-2623
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
Description of changes:
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms
- update Oracle Linux certificates (Alexey Petrenko)
- Put "with" in menuentry instead of "using" [bug 18504756]
- Use different titles for UEK and RHCK kernels [bug 18504756]
- Don't remove 01_users, it's the wrong thing to do.
- Rebuild for .z so the release number is different.
- More work on handling of GRUB2_PASSWORD
- Fix security issue when reading username and password
- Do a better job of handling GRUB_PASSWORD