Shulou(Shulou.com)06/01 Report--

This article will explain in detail how GRUB2 native code execution vulnerability CVE-2020-10713 is. The quality of the article is high, so Xiaobian shares it with you as a reference. I hope you have a certain understanding of related knowledge after reading this article.

0x01 Vulnerability Description

On July 31, 2020, 360CERT monitoring found ecrypsium issued a risk notification for GRUB2 buffer overflow vulnerability, the vulnerability number is CVE-2020-10713, vulnerability level: high risk.

GRUB2 has a buffer overflow vulnerability that allows a native attacker to cause arbitrary code execution effects by setting a crafted grub.cfg configuration file.

In this regard, 360CERT recommends that users update GRUB2 in a timely manner. At the same time, please do a good job of asset self-examination and prevention work to avoid hacker attacks.

The upgrade of this vulnerability may cause the original system to fail to start normally. It is recommended to contact the equipment manufacturer for upgrade repair.

0x02 Risk Level

360CERT's assessment of this vulnerability is as follows

Rating Method Threat Level High Risk Impact Area General 0x03 Vulnerability Details

GRUB2 is currently the most popular boot program for *nix operating systems. It allows users to have multiple operating systems simultaneously within the computer, and supports real-time selection of the specified operating system when the computer is booted. GRUB can also be used to select different kernels on an operating system partition and to pass boot parameters to those kernels.

(Note: The boot program takes precedence over the operating system for execution and initialization. Any vulnerability in the boot program will directly affect the computer regardless of whether the operating system has vulnerabilities.)

A buffer overflow vulnerability exists in GRUB2 when processing its own configuration file grub.cfg. By creating a crafted grub.cfg file, a local attacker can gain unrestricted control of the affected device after the next reboot.

Exploitation of the vulnerability requires that an attacker has obtained maximum privileges on the operating system. The main significance of the creation is that it can provide a hidden and long-term resident high-privilege backdoor (Bootkit)

Image quoted from ecrypsium report

0x04 Impact Version

grub2：

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.