CVE-2009-4128

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
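
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.2 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
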
EPSS Score percentile: 11%

Vulnerable software versions:

| Vendor | Product | Version |
|---|---|---|
| gnu | grub_2 | 1.97 |

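Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| grub | bullseye | 0.97-77 | fixed |
| grub | lenny | | not-affected |
| grub | bookworm | 0.97-80 | fixed |
| grub | trixie | 0.97-82 | fixed |
| grub | sid | 0.97-83 | fixed |
| grub2 | bullseye (security) | 2.06-3~deb11u6 | fixed |
| grub2 | bullseye | 2.06-3~deb11u6 | fixed |
| grub2 | lenny | | not-affected |
| grub2 | bookworm | 2.06-13+deb12u1 | fixed |
| grub2 | bookworm (security) | 2.06-13+deb12u1 | fixed |
| grub2 | sid | 2.12-5 | fixed |
| grub2 | trixie | 2.12-5 | fixed |
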
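Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| grub2 | karmic | Fixed 1.97~beta4-1ubuntu4.1 | released |
| grub2 | jaunty | | not-affected |
| grub2 | intrepid | | not-affected |
| grub2 | hardy | | not-affected |
| grub2 | dapper | | not-affected |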