http://hmarco.org/bugs/CVE-2015-837 0-Grub2-authentication-b

Thread replies: 22
Thread images: 3

Grub2 Authentication
2015-12-15 17:42:21 Post No. 51879994
[Report] Image search: [Google]

File: grub_hacked-b.png (183 KB, 550x529) Image search: [Google]

183 KB, 550x529

Grub2 Authentication 2015-12-15 17:42:21 Post No. 51879994 [Report]

http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

Nice backdoor grub

>>

Anonymous 2015-12-15 17:47:55 Post No.51880087
[Report] Image search: [Google]

Anonymous 2015-12-15 17:47:55 Post No.51880087 [Report]

File: eri funy face.jpg (58 KB, 416x417) Image search: [Google]

58 KB, 416x417

>GRUB

GNU shitware at its finest. Use LILO or Syslinux.

>>

Anonymous 2015-12-15 17:49:39 Post No.51880119
[Report]

Anonymous 2015-12-15 17:49:39 Post No.51880119 [Report]

I've been using this bug for years. Surprised someone else finally found it.

>>

Grub2 Authentication 2015-12-15 17:50:07 Post No.51880126
[Report]

Grub2 Authentication 2015-12-15 17:50:07 Post No.51880126 [Report]

what kind of next level autist finds this out

>>

Anonymous 2015-12-15 17:57:58 Post No.51880243
[Report]

Anonymous 2015-12-15 17:57:58 Post No.51880243 [Report]

>>51880087
I wish syslinux had better UEFI support

>>

Anonymous 2015-12-15 19:20:56 Post No.51881552
[Report]

Anonymous 2015-12-15 19:20:56 Post No.51881552 [Report]

>>51880126
probably used a fuzzer

>>

Anonymous 2015-12-15 19:25:19 Post No.51881627
[Report]

Anonymous 2015-12-15 19:25:19 Post No.51881627 [Report]

>not encrypting your hard drives
If you have access to the computer you'll have access to the drives anyway

>>

Anonymous 2015-12-15 19:25:31 Post No.51881631
[Report]

Anonymous 2015-12-15 19:25:31 Post No.51881631 [Report]

>>51880126
Someone who holds backspace for a while deleting their mistyped username and then wonders why they are in rescue shell.

>>

Anonymous 2015-12-15 19:29:07 Post No.51881704
[Report]

Anonymous 2015-12-15 19:29:07 Post No.51881704 [Report]

>>51880126
Not even that obscure of a fault. The THERAC-25 radiation therapy machine had a bug in it where if you pressed a very specific sequence of keys it would give the patient a massive dose of radiation and killed like 6 people.

>The failure only occurred when a particular nonstandard sequence of keystrokes was entered on the VT-100 terminal which controlled the PDP-11 computer: an "X" to (erroneously) select 25 MeV photon mode followed by "cursor up", "E" to (correctly) select 25 MeV Electron mode, then "Enter", all within eight seconds.[4]

>>

Anonymous 2015-12-15 19:32:13 Post No.51881763
[Report]

Anonymous 2015-12-15 19:32:13 Post No.51881763 [Report]

>>51879994
good thing i use systemd-boot

>>

Anonymous 2015-12-15 19:32:34 Post No.51881769
[Report]

Anonymous 2015-12-15 19:32:34 Post No.51881769 [Report]

this is hilarious

>>

Anonymous 2015-12-15 19:44:55 Post No.51881946
[Report]

Anonymous 2015-12-15 19:44:55 Post No.51881946 [Report]

>>51880126
The kind of autist that:
>Has c knowledge
>Has asm knowledge
>Audits the grub's source code

Or:
>>51881631

So basically, a monkey.

>>

Anonymous 2015-12-15 19:47:03 Post No.51881981
[Report]

Anonymous 2015-12-15 19:47:03 Post No.51881981 [Report]

>>51881763
>thinking that isn't backdoored by poettering

>>

Anonymous 2015-12-15 19:48:03 Post No.51881997
[Report]

Anonymous 2015-12-15 19:48:03 Post No.51881997 [Report]

>>51881981
I've backdoored poetering so it's ok

>>

Anonymous 2015-12-15 19:50:24 Post No.51882030
[Report]

Anonymous 2015-12-15 19:50:24 Post No.51882030 [Report]

>>51879994
good thing i boot from efistub directly, make entries with efibootmgr

>>

Anonymous 2015-12-15 19:53:31 Post No.51882069
[Report]

Anonymous 2015-12-15 19:53:31 Post No.51882069 [Report]

>>51882030
unmanageable when you have more than 10 boot entires

>>

Anonymous 2015-12-15 19:56:37 Post No.51882112
[Report] Image search: [Google]

Anonymous 2015-12-15 19:56:37 Post No.51882112 [Report]

File: the_wreckage_sister.png (2 MB, 1920x1080) Image search: [Google]

2 MB, 1920x1080

>>51879994
This has already been patched.

>>

Anonymous 2015-12-15 19:58:13 Post No.51882135
[Report]

Anonymous 2015-12-15 19:58:13 Post No.51882135 [Report]

>>51879994
meh.... this is hardly an issue really.... thats like calling single user mode on OSX a backdoor.

If someone has access to your box and your stuff isn't encrypted this doesn't really affect anything.

>>

Anonymous 2015-12-15 20:00:26 Post No.51882169
[Report]

Anonymous 2015-12-15 20:00:26 Post No.51882169 [Report]

>>51882069
i will take your word for it, but why do you have 10 boot entries?

>>

Anonymous 2015-12-15 20:14:42 Post No.51882339
[Report]

Anonymous 2015-12-15 20:14:42 Post No.51882339 [Report]

>>51882112
Where is the plane?

>>

Anonymous 2015-12-15 20:29:35 Post No.51882530
[Report]

Anonymous 2015-12-15 20:29:35 Post No.51882530 [Report]

>>51882169
I quadruple boot ubuntu, mint, kali, and windows 10

>>

Anonymous 2015-12-15 20:37:21 Post No.51882618
[Report]

Anonymous 2015-12-15 20:37:21 Post No.51882618 [Report]

>>51882530
that sounds like 4 entries to me.