---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Ubuntu update for grub2 SECUNIA ADVISORY ID: SA37632 VERIFY ADVISORY: http://secunia.com/advisories/37632/ DESCRIPTION: Ubuntu has issued an update for grub2. This fixes a vulnerability which can be exploited by malicious people with physical access to conduct brute force attacks. The vulnerability is caused due to the application comparing only the submitted portion of a password with the actual password. This can be exploited to bypass authentication via brute force attacks using 1 character long passwords. SOLUTION: Apply updated packages. -- Ubuntu 9.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4-1ubuntu4.1.diff.gz Size/MD5: 250341 94284059eefdd8b1a204142abedb645c http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4-1ubuntu4.1.dsc Size/MD5: 1945 66af22931f8a965f49a26bc84c5fb9e2 http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub2_1.97~beta4.orig.tar.gz Size/MD5: 1244094 78edf78a2cf4ee39d539ba0b82a6afed amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 1008342 a3cd4c29207668d03b3f0e6f94805642 http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 444642 676c9efd4f0dc53510fe200993512fc3 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-coreboot_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 227576 1c99905094ad542ccb52aaf7da06a287 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-amd64_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 297472 329b8b5e30b12106a9c811e082721436 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 250536 e739653b2e0028893df0b8a1aaf82c69 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 1476 f3e99ae5c03700476811c248cb4a14c9 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 345940 13b038768ebe93df1520db2111ccd751 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 400562 3e6bad6edb5ca1813aa2fa3d639e810a http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 214358 f42279a0623bd57be2bcd7ff7cd55bf5 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 1470 2c1a2294f6e47b25c7ba6aae15540b18 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 752180 c4e35cf34426692f56054a2b684caee6 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_amd64.deb Size/MD5: 2606 7bf8e3b76a2fb80395200fdb34ce92c3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 994122 9ca29e8e186c28bcb6e2ca110ce5c678 http://security.ubuntu.com/ubuntu/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 433532 c2cd60a80ad48983a196b071abd54fb7 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-coreboot_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 227602 5cfd70769ecc58b804d6b8161a617863 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-amd64_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 296628 d7c63b6bf1bd1d0ba2c3a0a97adc3cf5 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 249016 51f9c46b8e7ad9d69041018b408dfa52 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 1478 e58af38d18d4fc457279041b95a7f47b http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 327234 23389dcc94cae8666a9468b817c6d55d http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 400558 c483aa4407641f759bf6d6e919f4cf4d http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 214362 04fea0a758a1f151fc11b5b7263d55fc http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 1470 2c0ac267a93d49078a396c0461d85eef http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 752154 3b45262773f36cfa0418d3dbd106a371 http://security.ubuntu.com/ubuntu/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_i386.deb Size/MD5: 2610 d6a3595f00a9f78fd007637f6fca9504 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 994762 593e7cbb941e44b3ce873ec4e0e5e10e http://ports.ubuntu.com/pool/main/g/grub2/grub-pc_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 428152 f1d4e8bef9edbfe16e79232de6d5c28b http://ports.ubuntu.com/pool/universe/g/grub2/grub-efi-ia32_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 249668 c07a97cc2e04ebf1f551652dd5fe89f7 http://ports.ubuntu.com/pool/universe/g/grub2/grub-efi_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 1476 28da02262428fe931fe85d5ff650cd97 http://ports.ubuntu.com/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 328712 ddb8770c9770c923f4c9b93d91221f41 http://ports.ubuntu.com/pool/universe/g/grub2/grub-firmware-qemu_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 400586 70d2ac9b2f4d3f8b46635df8a4798de1 http://ports.ubuntu.com/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 214528 5247f468e60f5ac431514fa9c070b2ac http://ports.ubuntu.com/pool/universe/g/grub2/grub-linuxbios_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 199482 a710f7be88ee6a8b0a1b3ff134ab43be http://ports.ubuntu.com/pool/universe/g/grub2/grub-rescue-pc_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 741660 8d4127f5f6651a592f6b91ac9152c60c http://ports.ubuntu.com/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_lpia.deb Size/MD5: 2602 11d90bd876010d9334275515a6908915 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/grub2/grub-common_1.97~beta4-1ubuntu4.1_sparc.deb Size/MD5: 1002148 66abb79f534f3d55e45c51859c618a06 http://ports.ubuntu.com/pool/universe/g/grub2/grub-emu_1.97~beta4-1ubuntu4.1_sparc.deb Size/MD5: 332094 bacedc782f461faed75006715ee955e6 http://ports.ubuntu.com/pool/universe/g/grub2/grub-ieee1275_1.97~beta4-1ubuntu4.1_sparc.deb Size/MD5: 334620 e37a7b515ea456152f714caf796de3c0 http://ports.ubuntu.com/pool/universe/g/grub2/grub2_1.97~beta4-1ubuntu4.1_sparc.deb Size/MD5: 2620 331f84d64fbef94c1b6a97425009db0c ORIGINAL ADVISORY: USN-868-1: http://www.ubuntu.com/usn/USN-868-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------