From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] grub 2.00: Bugfix for CVE-2015-8370 Date: Fri, 18 Dec 2015 21:28:52 +0100 Message-ID: <1450470532-21728-1-git-send-email-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7956657007818684422==" List-Id: --===============7956657007818684422== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html "A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer." Signed-off-by: Matthias Fischer --- lfs/grub | 3 +- ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 45 ++++++++++++++++++++= ++ 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulner= ability.patch diff --git a/lfs/grub b/lfs/grub index bcbcbd0..3e613a8 100644 --- a/lfs/grub +++ b/lfs/grub @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2014 IPFire Team = # +# Copyright (C) 2007-2015 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_= fallback.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370= -Grub2-user-pass-vulnerability.patch cd $(DIR_APP) && \ ./configure \ --prefix=3D/usr \ diff --git a/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability= .patch b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.pat= ch new file mode 100644 index 0000000..2eef1ae --- /dev/null +++ b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch @@ -0,0 +1,45 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..524a3d8 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } +=20 +- if (key =3D=3D '\b') ++ if (key =3D=3D '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } +=20 +- if (key =3D=3D '\b') ++ if (key =3D=3D '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +--=20 +1.9.1 + --=20 2.6.4 --===============7956657007818684422==--