A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
References
Configurations
History
16 Jan 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-05-12 14:55
Updated : 2024-02-28 12:20
NVD link : CVE-2013-4577
Mitre link : CVE-2013-4577
CVE.ORG link : CVE-2013-4577
JSON object : View
Products Affected
gnu
- grub
CWE
CWE-264
Permissions, Privileges, and Access Controls