[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #47432] GRUB edition can allow an user to have any privilege it wan
From: |
JoãoGóes |
Subject: |
[bug #47432] GRUB edition can allow an user to have any privilege it wants |
Date: |
Wed, 16 Mar 2016 20:27:35 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.0 |
URL:
<http://savannah.gnu.org/bugs/?47432>
Summary: GRUB edition can allow an user to have any privilege
it wants
Project: GNU GRUB
Submitted by: johngoes
Submitted on: Wed 16 Mar 2016 08:27:34 PM GMT
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Action Request
Status: None
Privacy: Public
Assigned to: None
Originator Name: João Otávio de Góes & Giovanni C Martins
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02~beta1
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
Submitted by Giovanni Custódio Martins and João Otávio de Góes.
Date: 16/02/2016 15:32:11
Posted on: 16/03/2016 04:50:50 PM GMT
Tested version: GNU GRUB 2.02 beta 2-22+deb8u1 <
Machine architecture: Intel Core i5 - 4200Um 1.6GHz, 8GB RAM, HDD 500GB,
multiboot system; Intel Pentium 2117U, 1.80GHz (dual core), 4GB RAM, 250GB,
virtual machine emulated system.
Tested target systems: Kali Linux 2.0, Kali Linux 1.0 and Windows (10).
Priority: Severe (major)
Primary effect: bypassing login (changing password of a Linux's account)
Secondary effect: having access (as a privileged user) to all
data/files/directories of the system
Main effect: having permission to modify/remove/add/execute anything you want
in the system (that you wouldn't have access to it, without the password).
Date: 16/02/2016 15:32:11
Flaw view: When accessing GNU GRUB it's possible to see what systems you can
boot. Pressing "e" you have access to the "advanced" settings of the boot
option. In the "settings" you can edit the line "linux
/boot/vmlinuz-4.0.0-kali1-amd64
root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 ro
initrd=/install/gtk/initrd.gz" to "linux /boot/vmlinuz-4.0.0-kali1-amd64
root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 rw init=/bin/bash", by doing
this, it will prompt you a bash screen (terminal) and then, you can change all
system's settings (including user password, removing directories and even
corrupting the system!
Solving Suggestion: attributing fixed low permissions to the bash when not
logged in the system. It means: not having permission to view the data in
directories and not changing system's settings (like the password).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?47432>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [bug #47432] GRUB edition can allow an user to have any privilege it wants,
JoãoGóes <=