URL: <http://savannah.gnu.org/bugs/?47432>
Summary: GRUB edition can allow an user to have any privilege it wants Project: GNU GRUB Submitted by: johngoes Submitted on: Wed 16 Mar 2016 08:27:34 PM GMT Category: Security Severity: Major Priority: 5 - Normal Item Group: Action Request Status: None Privacy: Public Assigned to: None Originator Name: João Otávio de Góes & Giovanni C Martins Originator Email: john_g...@icloud.com Open/Closed: Open Discussion Lock: Any Release: Release: 2.02~beta1 Reproducibility: Every Time Planned Release: None _______________________________________________________ Details: Submitted by Giovanni Custódio Martins and João Otávio de Góes. Date: 16/02/2016 15:32:11 Posted on: 16/03/2016 04:50:50 PM GMT Tested version: GNU GRUB 2.02 beta 2-22+deb8u1 < Machine architecture: Intel Core i5 - 4200Um 1.6GHz, 8GB RAM, HDD 500GB, multiboot system; Intel Pentium 2117U, 1.80GHz (dual core), 4GB RAM, 250GB, virtual machine emulated system. Tested target systems: Kali Linux 2.0, Kali Linux 1.0 and Windows (10). Priority: Severe (major) Primary effect: bypassing login (changing password of a Linux's account) Secondary effect: having access (as a privileged user) to all data/files/directories of the system Main effect: having permission to modify/remove/add/execute anything you want in the system (that you wouldn't have access to it, without the password). Date: 16/02/2016 15:32:11 Flaw view: When accessing GNU GRUB it's possible to see what systems you can boot. Pressing "e" you have access to the "advanced" settings of the boot option. In the "settings" you can edit the line "linux /boot/vmlinuz-4.0.0-kali1-amd64 root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 ro initrd=/install/gtk/initrd.gz" to "linux /boot/vmlinuz-4.0.0-kali1-amd64 root=UUID=f\cd578e80739f-42c8-b3ab-f4f6b602b776 rw init=/bin/bash", by doing this, it will prompt you a bash screen (terminal) and then, you can change all system's settings (including user password, removing directories and even corrupting the system! Solving Suggestion: attributing fixed low permissions to the bash when not logged in the system. It means: not having permission to view the data in directories and not changing system's settings (like the password). _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?47432> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-grub mailing list Bug-grub@gnu.org https://lists.gnu.org/mailman/listinfo/bug-grub