GRUB2's zero-day vulnerability affects Linux users. Ubuntu and RHEL patches are now available.

GRUB2's zero-day vulnerability affects Linux users. Ubuntu and RHEL patches are now available.

According to the latest Ubuntu Security Notice of Canonical, a zero-day Security vulnerability exists in GRUB2 (GNU GRand Unified Bootloader), which will affect the GNU/Linux release version with GRUB version 2.02 Beta.

This security vulnerability was discovered by Ismael Ripoll and Hector Marco. When the boot program is configured with password protection for identity authentication, it cannot correctly handle the return key, this allows local attackers to bypass GRUB Password protection.

Releases including Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) are affected, however, the patches for Ubuntu and RHEL have been released. If there are security risks, you are advised to take immediate measures.

Zero-day-grub2-vulnerability-hits-linux-users-patch-available-for-ubuntu-rhel-497688-2

Link: http://news.softpedia.com/news/zero-day-grub2-vulnerability-hits-linux-users-patch-available-for-ubuntu-rhel-497688.shtml

Editor's note:

Zero-Day Attack: If a vulnerability is detected on the current Day or more accurately within 24 hours, it is immediately exploited, A zero-day vulnerability is a zero-day attack ".

GRUB2: gnu grub ("GRUB" for short) is a startup Bootstrap program from the GNU project. GRUB is the implementation of multi-boot specifications. It allows you to have multiple operating systems in your computer and select the operating system you want to run when the computer starts. GRUB can be used to select different kernels on the operating system partition or to pass startup parameters to these kernels.

The predecessor of gnu grub is Grand uniied Bootloader. It is mainly used in Unix-like systems. Like many Linux distributions, the GNU system uses gnu grub as its initiator. Solaris also uses gnu grub as the starter on x86 systems starting from version 10 and 1/06.

Grub 2 is a new generation of Grub, which implements some features not available in Grub:

1. Modular Design

Unlike Grub's single kernel structure, Grub 2 features are distributed in many small modules and can be dynamically loaded and detached during runtime.

2. Support for Multiple Architectures

Grub 2 supports different systems such as PC (i386) and MAC (powerpc), and supports the latest EFI architecture.

3. International support

Grub 2 supports non-English languages.

4. Memory Management

Grub 2 has a real memory management system.

5. Script Language

Grub 2 supports scripting languages, such as conditions, loops, variables, and functions.