[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #47432] GRUB edition can allow an user to have any privilege it wan

From: JoãoGóes
Subject: [bug #47432] GRUB edition can allow an user to have any privilege it wants
Date: Wed, 16 Mar 2016 20:27:35 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.0


                 Summary: GRUB edition can allow an user to have any privilege
it wants
                 Project: GNU GRUB
            Submitted by: johngoes
            Submitted on: Wed 16 Mar 2016 08:27:34 PM GMT
                Category: Security
                Severity: Major
                Priority: 5 - Normal
              Item Group: Action Request
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: João Otávio de Góes & Giovanni C Martins
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 2.02~beta1
         Reproducibility: Every Time
         Planned Release: None



Submitted by Giovanni Custódio Martins and João Otávio de Góes.
Date: 16/02/2016 15:32:11
Posted on: 16/03/2016 04:50:50 PM GMT

Tested version: GNU GRUB 2.02 beta 2-22+deb8u1 <

Machine architecture: Intel Core i5 - 4200Um 1.6GHz, 8GB RAM, HDD 500GB,
multiboot system; Intel Pentium 2117U, 1.80GHz (dual core), 4GB RAM, 250GB,
virtual machine emulated system.

Tested target systems: Kali Linux 2.0, Kali Linux 1.0 and Windows (10).

Priority: Severe (major)

Primary effect: bypassing login (changing password of a Linux's account)

Secondary effect: having access (as a privileged user) to all
data/files/directories of the system

Main effect: having permission to modify/remove/add/execute anything you want
in the system (that you wouldn't have access to it, without the password).

Date: 16/02/2016 15:32:11

Flaw view: When accessing GNU GRUB it's possible to see what systems you can
boot. Pressing "e" you have access to the "advanced" settings of the boot
option. In the "settings" you can edit the line "linux
root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 ro
initrd=/install/gtk/initrd.gz" to "linux /boot/vmlinuz-4.0.0-kali1-amd64
root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 rw init=/bin/bash", by doing
this, it will prompt you a bash screen (terminal) and then, you can change all
system's settings (including user password, removing directories and even
corrupting the system!

Solving Suggestion: attributing fixed low permissions to the bash when not
logged in the system. It means: not having permission to view the data in
directories and not changing system's settings (like the password).


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]