Press 28 times Backspace to Hack a Linux Computer

rofl cake

May 25, 2015
This affects systems with older versions of Grub2. This link covers in more depth how and why Grub2 is exploitable. This link shows you how to fix that exploit.

Grub2 Authentication Bypass 0-Day:
Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected.
The Exploit (PoC)
Exploiting the integer underflow can be used to cause an off-by-two or an out-of-bounds overwrite memory error. The former error overwrites up to two bytes right under the username buffer (a local variable called login in the function grub_auth_check_authentication()), but this area does not contain any usable information to build an attack; actually, it is padding.
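A simplified model of the length-counter underflow described in the post above, with the missing lower-bound check shown beside it. This is an added example, not GRUB's source and not part of the original post; `model_username_get`, `after_backspaces` and `LOGIN_MAX` are hypothetical names, and the buffer size is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define LOGIN_MAX 1024   /* assumed buffer size for this model */

/* Feed `keys` to a username line editor and return the final length counter.
 * checked == 0: backspace always decrements (the flawed pattern).
 * checked != 0: backspace is ignored when the buffer is empty (the fix).
 * The model only tracks the counter; it never stores through an index that
 * is out of range, so it is memory-safe in both modes. */
unsigned model_username_get(const char *keys, int checked,
                            char *buf, unsigned buf_size)
{
    unsigned cur_len = 0;
    memset(buf, 0, buf_size);
    for (const char *k = keys; *k != '\0' && *k != '\n'; k++) {
        if (*k == '\b') {
            if (!checked || cur_len > 0)
                cur_len--;              /* wraps below zero when unchecked */
            continue;
        }
        if (cur_len < buf_size - 1)     /* keep room for the terminator */
            buf[cur_len++] = *k;
    }
    if (cur_len < buf_size)
        buf[cur_len] = '\0';
    return cur_len;
}

/* Length counter after n backspaces typed at an empty prompt. */
unsigned after_backspaces(unsigned n, int checked)
{
    char keys[64] = {0}, buf[LOGIN_MAX];
    if (n > sizeof keys - 1)
        n = sizeof keys - 1;
    memset(keys, '\b', n);
    return model_username_get(keys, checked, buf, sizeof buf);
}

int main(void)
{
    printf("unchecked, 28 backspaces: cur_len = %u\n", after_backspaces(28, 0));
    printf("checked,   28 backspaces: cur_len = %u\n", after_backspaces(28, 1));
    return 0;
}
```

In the unchecked mode the counter ends far outside the buffer, which is the precondition for the off-by-two and out-of-bounds writes the post quotes; with the check it stays at 0.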