World-Readable Permissions in GNU GRUB Configuration by Debian
CVE-2013-4577
Currently unrated
Summary
The vulnerability arises from a Debian patch for GNU GRUB that sets world-readable permissions for the grub.cfg file. This misconfiguration allows local users to read sensitive information, including password hashes stored in the file via the password_pbkdf2 directive. Such exposure poses a significant risk, facilitating unauthorized access and potential privilege escalation in affected environments.
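A defender-side check for the condition described in the summary, as an added example that is not part of the original advisory or of the Debian or GRUB code. It assumes GNU `stat` (as shipped on Debian); the function names, return codes and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a GRUB config for the exposure described above: a file that is
# readable by "other" and contains password_pbkdf2 entries.

# True when the "other" read bit is set on FILE (GNU stat assumed).
is_world_readable() {
    mode=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$mode & 4 )) -ne 0 ]
}

# True when FILE carries at least one password_pbkdf2 directive.
has_pbkdf2_hash() {
    grep -Eq -- '^[[:space:]]*password_pbkdf2[[:space:]]' "$1"
}

# Constructed sample input; the hash is a placeholder, not a real value.
write_sample_cfg() {
    cat > "$1" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.SALT-PLACEHOLDER.HASH-PLACEHOLDER
menuentry "Debian GNU/Linux" { linux /vmlinuz root=/dev/sda1 ro }
EOF
}

# audit_grub_cfg FILE
#   0 = not world-readable
#   1 = world-readable and contains password_pbkdf2 (the reported exposure)
#   2 = world-readable, no password_pbkdf2 found
#   3 = file missing
audit_grub_cfg() {
    cfg=$1
    [ -f "$cfg" ] || { echo "MISSING: $cfg"; return 3; }
    if ! is_world_readable "$cfg"; then
        echo "OK: $cfg is not world-readable"
        return 0
    fi
    if has_pbkdf2_hash "$cfg"; then
        echo "EXPOSED: $cfg is world-readable and holds password_pbkdf2 hashes"
        return 1
    fi
    echo "WARN: $cfg is world-readable (no password_pbkdf2 entries found)"
    return 2
}

# When given a path, audit it; with no arguments only define the functions.
[ $# -eq 0 ] || audit_grub_cfg "$1"
```

Run it as root with the path to the system's grub.cfg so the file can be read regardless of its current mode.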