World-Readable Permissions in GNU GRUB Configuration by Debian
CVE-2013-4577

Currently unrated

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 12 May 2014

Summary

The vulnerability arises from a Debian patch for GNU GRUB that sets world-readable permissions for the grub.cfg file. This misconfiguration allows local users to read sensitive information, including password hashes stored in the file via the password_pbkdf2 directive. Such exposure poses a significant risk, facilitating unauthorized access and potential privilege escalation in affected environments.
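A check for the condition described above, as an added example that is not part of the original advisory or of GRUB or Debian code. The function names and return codes are this example's own, /boot/grub/grub.cfg is assumed as the usual Debian location, and tightening the mode to 0600 is the example's choice of remediation.

```shell
#!/bin/sh
# Audit a GRUB configuration file for world-readable password hashes.
# Return codes (defined by this example):
#   0 = file is not world-readable
#   1 = world-readable AND contains a password_pbkdf2 directive (hash exposed)
#   2 = world-readable, but no password_pbkdf2 directive found
#   3 = file does not exist
audit_grub_cfg() {
    cfg=$1
    [ -f "$cfg" ] || return 3

    # -perm -0004 matches when the "other" read bit is set.
    # This needs no read access to the file itself, so an
    # unprivileged auditor can still confirm a safe mode.
    world=$(find "$cfg" -prune -perm -0004 -print)
    [ -n "$world" ] || return 0

    # The file is readable by everyone, so grep can inspect it.
    # Commented-out lines do not match because of the anchor.
    if grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]' "$cfg"; then
        return 1
    fi
    return 2
}

# Remove group and other access, leaving owner read/write only.
harden_grub_cfg() {
    chmod 0600 "$1"
}

# Print a one-line verdict for a given path.
report_grub_cfg() {
    rc=0
    audit_grub_cfg "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 is not world-readable" ;;
        1) echo "EXPOSED: $1 is world-readable and holds password_pbkdf2 hashes" ;;
        2) echo "WARN: $1 is world-readable (no password_pbkdf2 found)" ;;
        3) echo "SKIP: $1 not found" ;;
    esac
    return 0
}

# When a path is passed on the command line, report on it.
if [ "$#" -gt 0 ]; then
    report_grub_cfg "$1"
fi
```

Run it as `sh audit.sh /boot/grub/grub.cfg`; any hash that was readable while the file had the weak mode should be treated as disclosed and the GRUB password replaced.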

Timeline

  • Vulnerability published

  • Vulnerability Reserved
