CVE-2009-4128

描述

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

如何修補 CVE-2009-4128

要修補 CVE-2009-4128,請將受影響套件升級到下列已修補版本。

• Debian/grub2—升級至 1.97+20091115-1 或更新版本

CVE-2009-4128 正在被利用嗎?

低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 1.97+20091115-1

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-4128