Severity
Medium
Vendor
grub2
Versions Affected
- Ubuntu 14.04
Description
Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection.
The Cloud Foundry project released BOSH stemcell versions 3146.1 and 3156, which have the patched version of the Linux kernel.
Affected Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry BOSH stemcells prior to 3156 are vulnerable, except patched versions of 3146.x.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcell 3156 or later, or a patched 3146.x version.
Credit
Hector Marco and Ismael Ripoll