Vigil@nce: GRUB, brute force attack
December 2009 by Vigil@nce
A local attacker can easily brute-force the GRUB password.
– Severity: 2/4
– Consequences: administrator access/rights
– Provenance: user console
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/12/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The GRUB boot manager can be configured to ask for a password
(/boot/grub/grub.cfg):
set superusers="user1"
password user1 here-is-the-password
However, the password checking function compares passwords over the
length entered by the user (instead of the length of the expected
password). When the first character is valid, the password is
accepted. An attacker can therefore try one-character passwords
until he finds the first character of the expected password.
A local attacker can thus easily gain access to a password-protected
GRUB.
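The comparison flaw described above, shown beside a corrected check, as an added C example that is not GRUB's source code and not part of the original advisory. The names check_flawed, check_fixed and count_accepted_prefixes are hypothetical; the prefix counter is a regression check a maintainer could run against a password routine.

```c
#include <stdio.h>
#include <string.h>

typedef int (*check_fn)(const char *, const char *);

/* Flawed pattern: the comparison length comes from the user's input, so any
   prefix of the expected password matches. Empty input is rejected here as a
   simplification; the advisory does not discuss it. */
int check_flawed(const char *entered, const char *expected)
{
    size_t n = strlen(entered);
    return n > 0 && strncmp(entered, expected, n) == 0;
}

/* Corrected pattern: lengths must match and every byte of the expected
   password is compared, without stopping at the first mismatch. */
int check_fixed(const char *entered, const char *expected)
{
    size_t le = strlen(entered), lx = strlen(expected);
    unsigned char diff = (unsigned char)(le != lx);
    for (size_t i = 0; i < lx; i++) {
        unsigned char c = i < le ? (unsigned char)entered[i] : 0;
        diff |= (unsigned char)(c ^ (unsigned char)expected[i]);
    }
    return diff == 0;
}

/* Regression check: count the proper, non-empty prefixes of `expected` that
   the checker wrongly accepts. A correct checker yields 0; -1 means the
   password does not fit the scratch buffer. */
int count_accepted_prefixes(check_fn check, const char *expected)
{
    char buf[64];
    size_t lx = strlen(expected);
    int accepted = 0;
    if (lx >= sizeof buf) return -1;
    for (size_t n = 1; n < lx; n++) {
        memcpy(buf, expected, n);
        buf[n] = '\0';
        accepted += check(buf, expected);
    }
    return accepted;
}

int main(void)
{
    const char *pw = "here-is-the-password"; /* sample value from the advisory's config */
    printf("flawed check accepts %d proper prefixes\n", count_accepted_prefixes(check_flawed, pw));
    printf("fixed check accepts %d proper prefixes\n", count_accepted_prefixes(check_fixed, pw));
    return 0;
}
```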
CHARACTERISTICS
– Identifiers: 555195, BID-36968, CVE-2009-4128, VIGILANCE-VUL-9255
– Url: http://vigilance.fr/vulnerability/GRUB-brute-force-attack-9255