Grub vulnerability?
6 posts
• Page 1 of 1
Grub vulnerability?
by oldbiddie » Dec 18th, '15, 10:52
I read that by pressing backspace 28 times when booting allowed entry to the system without password. The article was in Spanish ( not my language) so perhaps I misunderstood. Can anyone comment? TIA
- oldbiddie
- Posts: 155
- Joined: Jul 19th, '11, 19:52
Re: Grub vulnerability?
by filip » Dec 18th, '15, 11:13
This issue have reference CVE-2015-8370 and will soon have a fix. In that bug report there are also some more informative links.
- filip
- Posts: 478
- Joined: May 4th, '11, 22:10
- Location: Kranj, Slovenia
Re: Grub vulnerability?
by wintpe » Dec 23rd, '15, 15:07
This bug as i read it only applies if you are using a grub 2 password.
so if you are not then you are also not impacted by this, in other words it has no knock on effect.
so the press coverage it has received, blows the issue out of proportion, that is unless you are relying on that grub2 password to
lock your machine down.
regards peter
so if you are not then you are also not impacted by this, in other words it has no knock on effect.
so the press coverage it has received, blows the issue out of proportion, that is unless you are relying on that grub2 password to
lock your machine down.
regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however its realy not my intention to offend, so accept my apologies in advance.
Sometimes my posts will sound short, or snappy, however its realy not my intention to offend, so accept my apologies in advance.
- wintpe
- Posts: 1204
- Joined: May 22nd, '11, 17:08
- Location: Rayleigh,, Essex , UK
Re: Grub vulnerability?
by doktor5000 » Dec 23rd, '15, 18:17
wintpe wrote:This bug as i read it only applies if you are using a grub 2 password.
[...]
so the press coverage it has received, blows the issue out of proportion
Totally agree, it was way overhyped.
As it requires typical access to the machine, there are gazillion other way to workaround the bootloader password if that is your "protection".
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
-
doktor5000 - Posts: 18057
- Joined: Jun 4th, '11, 10:10
- Location: Leipzig, Germany
Re: Grub vulnerability?
by jiml8 » Dec 29th, '15, 17:46
I have been traveling in Panama, and I only learned about this "vulnerability" after I returned yesterday.
I saw an article in ZDNet with the breathless headline: "how to hack any linux machine". I read the article, said: "it won't work at all on my machines" and "whatthehell is this about...unintended way in but not particularly a threat to any machine that is properly secured."
Way over-hyped. Must indicate how secure Linux really is, that such a "vulnerability" gets such attention. Now...shellshock was a real serious problem. The OpenSSL issues are serious issues. But this???? Pfff.
I saw an article in ZDNet with the breathless headline: "how to hack any linux machine". I read the article, said: "it won't work at all on my machines" and "whatthehell is this about...unintended way in but not particularly a threat to any machine that is properly secured."
Way over-hyped. Must indicate how secure Linux really is, that such a "vulnerability" gets such attention. Now...shellshock was a real serious problem. The OpenSSL issues are serious issues. But this???? Pfff.
- jiml8
- Posts: 1254
- Joined: Jul 7th, '13, 18:09
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest