Ubuntu 868-1: GRUB 2 vulnerability

    Date 08 Dec 2009
    Posted By LinuxSecurity Advisories
    It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password.
    ===========================================================
    Ubuntu Security Notice USN-868-1          December 09, 2009
    grub2 vulnerability
    CVE-2009-4128
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 9.10:
      grub2                           1.97~beta4-1ubuntu4.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Users who have upgraded from GRUB Legacy to GRUB 2 and are still using GRUB
    Legacy to chainload into GRUB 2 will have to run the following command
    (possibly adjusting 'hd0') to update GRUB 2's on-disk core image:
    
    $ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"
    
    If you previously ran 'upgrade-from-grub-legacy', a standard system upgrade
    is sufficient to effect the necessary changes.
    
    Details follow:
    
    It was discovered that GRUB 2 did not properly validate passwords. An
    attacker with physical access could conduct a brute force attack and bypass
    authentication by submitting a 1 character password.
    
    
    Updated packages for Ubuntu 9.10:
    
