CVE-2013-4577

Currently unrated

Key Information:

Vendor: Gnu
Status: Grub
Vendor: CVE Published:; 12 May 2014

Summary

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598

x_refsource_CONFIRM

http://seclists.org/oss-sec/2013/q4/291

mailing-listx_refsource_MLIST

http://seclists.org/oss-sec/2013/q4/292

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 12, 2014
Vulnerability Reserved
Jun 12, 2013