Ubuntu Security Notice USN-868-1
8th December, 2009
grub2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.10
Software description
- grub2
Details
It was discovered that GRUB 2 did not properly validate passwords. An
attacker with physical access could conduct a brute force attack and bypass
authentication by submitting a 1-character password.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.10:
  - grub2 1.97~beta4-1ubuntu4.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Users who have upgraded from GRUB Legacy to GRUB 2 and did not run
'upgrade-from-grub-legacy' (i.e., those who are still using GRUB Legacy to
chainload into GRUB 2) will have to run the following command (possibly
adjusting 'hd0') to update GRUB 2's on-disk core image:
$ sudo grub-install --no-floppy --grub-setup=/bin/true "(hd0)"