AusCERT - ESB-2009.1623 - [Linux][Ubuntu] grub2: Unauthorised access

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2009.1623 - [Linux][Ubuntu] grub2: Unauthorised access - Console/physical
Date: 10 December 2009

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1623
                           GRUB 2 vulnerability
                             10 December 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           grub2
Publisher:         Ubuntu
Operating System:  Linux variants
                   Ubuntu
Impact/Access:     Unauthorised Access -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-4128  

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-868-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running grub2 check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

===========================================================
Ubuntu Security Notice USN-868-1          December 09, 2009
grub2 vulnerability
CVE-2009-4128
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  grub2                           1.97~beta4-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Users who have upgraded from GRUB Legacy to GRUB 2 and are still using Grub
Legacy to chainload into GRUB 2, you will have to run the following command
(possibly adjusting 'hd0') to update GRUB 2's on disk core image:

$ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"

If you previously ran 'upgrade-from-grub-legacy', a standard system upgrade
is sufficient to effect the necessary changes.

Details follow:

It was discovered that GRUB 2 did not properly validate passwords. An
attacker with physical access could conduct a brute force attack and bypass
authentication by submitting a 1 character password.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4-1ubuntu4.1.diff.gz
      Size/MD5:   250341 94284059eefdd8b1a204142abedb645c
    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4-1ubuntu4.1.dsc
      Size/MD5:     1945 66af22931f8a965f49a26bc84c5fb9e2
    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4.orig.tar.gz
      Size/MD5:  1244094 78edf78a2cf4ee39d539ba0b82a6afed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:  1008342 a3cd4c29207668d03b3f0e6f94805642
    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   444642 676c9efd4f0dc53510fe200993512fc3
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-coreboot_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   227576 1c99905094ad542ccb52aaf7da06a287
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-amd64_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   297472 329b8b5e30b12106a9c811e082721436
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   250536 e739653b2e0028893df0b8a1aaf82c69
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:     1476 f3e99ae5c03700476811c248cb4a14c9
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   345940 13b038768ebe93df1520db2111ccd751
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   400562 3e6bad6edb5ca1813aa2fa3d639e810a
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   214358 f42279a0623bd57be2bcd7ff7cd55bf5
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:     1470 2c1a2294f6e47b25c7ba6aae15540b18
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:   752180 c4e35cf34426692f56054a2b684caee6
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_amd64.deb
      Size/MD5:     2606 7bf8e3b76a2fb80395200fdb34ce92c3

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   994122 9ca29e8e186c28bcb6e2ca110ce5c678
    http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   433532 c2cd60a80ad48983a196b071abd54fb7
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-coreboot_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   227602 5cfd70769ecc58b804d6b8161a617863
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-amd64_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   296628 d7c63b6bf1bd1d0ba2c3a0a97adc3cf5
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   249016 51f9c46b8e7ad9d69041018b408dfa52
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:     1478 e58af38d18d4fc457279041b95a7f47b
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   327234 23389dcc94cae8666a9468b817c6d55d
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   400558 c483aa4407641f759bf6d6e919f4cf4d
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   214362 04fea0a758a1f151fc11b5b7263d55fc
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:     1470 2c0ac267a93d49078a396c0461d85eef
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:   752154 3b45262773f36cfa0418d3dbd106a371
    http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_i386.deb
      Size/MD5:     2610 d6a3595f00a9f78fd007637f6fca9504

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   994762 593e7cbb941e44b3ce873ec4e0e5e10e
    http://ports.ubuntu.com/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   428152 f1d4e8bef9edbfe16e79232de6d5c28b
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   249668 c07a97cc2e04ebf1f551652dd5fe89f7
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:     1476 28da02262428fe931fe85d5ff650cd97
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   328712 ddb8770c9770c923f4c9b93d91221f41
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   400586 70d2ac9b2f4d3f8b46635df8a4798de1
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   214528 5247f468e60f5ac431514fa9c070b2ac
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   199482 a710f7be88ee6a8b0a1b3ff134ab43be
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:   741660 8d4127f5f6651a592f6b91ac9152c60c
    http://ports.ubuntu.com/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_lpia.deb
      Size/MD5:     2602 11d90bd876010d9334275515a6908915

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_sparc.deb
      Size/MD5:  1002148 66abb79f534f3d55e45c51859c618a06
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_sparc.deb
      Size/MD5:   332094 bacedc782f461faed75006715ee955e6
    http://ports.ubuntu.com/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_sparc.deb
      Size/MD5:   334620 e37a7b515ea456152f714caf796de3c0
    http://ports.ubuntu.com/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_sparc.deb
      Size/MD5:     2620 331f84d64fbef94c1b6a97425009db0c

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLIFUbNVH5XJJInbgRAt+sAJoCoUv6s8NGn+FGIhiaKv0h0avegwCaAxia
Fz9fwTcEvu9Z+gyxY+wxXLE=
=gsR1
-----END PGP SIGNATURE-----