Home Sign Up Sign In
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member  Sign In
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
baozijianke
V2EX  ›  Linux

Back to 28: Grub2 Authentication Bypass 0-Day

  •   
  •   baozijianke · Dec 19, 2015 · 2896 views
    This topic created in 3790 days ago, the information mentioned may be changed or developed.

    咦,我搜索了一圈,没人讨论么?

    http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

    Description

    A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

  • GRUB2
  • bypass
  • december
  • the
    2 replies    2015-12-19 22:41:19 +08:00
    Halry
        1
    Halry  
       Dec 19, 2015
    只有实体操作才能触发漏洞.
    自己的主机都是上 windows 的,只有远程的 vps 才是 linux...然而并没有什么卵用
    msg7086
        2
    msg7086  
       Dec 19, 2015
    这里有多少人会给 grub 加密码……
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   929 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 36ms · UTC 18:24 · PVG 02:24 · LAX 11:24 · JFK 14:24
    ♥ Do have faith in what you're doing.