CVE-2009-4128

GRUB 2 1.97 - Info Disclosure

Title source: llm

Description

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

References (4)

[Exploit] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195

[Patch] http://www.securityfocus.com/bid/36968

[Mailing List] http://www.openwall.com/lists/oss-security/2024/01/15/3

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54210

Scores

EPSS 0.0004

EPSS Percentile 11.7%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

gnu/grub_2

Timeline

Published Dec 01, 2009

Tracked Since Feb 18, 2026