[UCI-Linux] Linux Grub2 Authentication 0-Day
Mike Iglesias
iglesias at uci.edu
Wed Dec 16 13:40:01 PST 2015
Current versions of the Linux Grub2 bootloader contain a vulnerability that
could allow an attacker who has physical access to a system protected with a
Grub username/password to bypass the protection and gain access to the system.
The vulnerability has been patched so if you have systems protected with a
Grub username/password, you'll want to apply the update as soon as possible.
Here are the details of the vulnerability:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
--
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270
More information about the UCI-Linux
mailing list