Thursday, December 24, 2015

How to fix Grub2 bootloader flaw.

According to researchers Ismael Ripoll and Hector Marco,who wrote this article:

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Just hit the backspace key 28 times at the Grub username prompt during power-up.
This will open a Grub rescue shell with the rescue shell allows unauthenticated access to a computer and the ability to load another environment.
The Grub versions 1.98 to 2.02 are affected and suffer integer overflow problem.
The basic of the fault lies within two functions; the grub_password_get() function and the and grub_password_get() script.
To fix it use this patch.