PT-2014-2837 · Gnu+1 · Gnu Grub+1
Francesco Poli
+1
·
Published
2014-05-12
·
Updated
2024-01-16
·
CVE-2013-4577
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Debian (affected versions not specified)
Description
The issue concerns a Debian patch for GNU GRUB that uses world-readable permissions for the grub.cfg file. This allows local users to obtain password hashes by reading the
password pbkdf2 directive in the file.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Gnu Grub