World-Readable Permissions in GNU GRUB Configuration by Debian
CVE-2013-4577

Currently unrated

Key Information:

Vendor: Gnu
Status: Grub
Vendor: CVE Published:; 12 May 2014

Summary

The vulnerability arises from a Debian patch for GNU GRUB that sets world-readable permissions for the grub.cfg file. This misconfiguration allows local users to read sensitive information, including password hashes stored in the file via the password_pbkdf2 directive. Such exposure poses a significant risk, facilitating unauthorized access and potential privilege escalation in affected environments.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598

x_refsource_CONFIRM

http://seclists.org/oss-sec/2013/q4/291

mailing-listx_refsource_MLIST

http://seclists.org/oss-sec/2013/q4/292

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 12, 2014
Vulnerability Reserved
Jun 12, 2013