Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4867.NASL
HistoryMar 03, 2021 - 12:00 a.m.

Debian DSA-4867-1 : grub2 - security update

2021-03-0300:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

8.4 High

AI Score

Confidence

High

JSON

Several vulnerabilities have been discovered in the GRUB2 bootloader.

  • CVE-2020-14372 It was discovered that the acpi command allows a privileged user to load crafted ACPI tables when Secure Boot is enabled.

  • CVE-2020-25632 A use-after-free vulnerability was found in the rmmod command.

  • CVE-2020-25647 An out-of-bound write vulnerability was found in the grub_usb_device_initialize() function, which is called to handle USB device initialization.

  • CVE-2020-27749 A stack-based buffer overflow flaw was found in grub_parser_split_cmdline.

  • CVE-2020-27779 It was discovered that the cutmem command allows a privileged user to remove memory regions when Secure Boot is enabled.

  • CVE-2021-20225 A heap out-of-bounds write vulnerability was found in the short form option parser.

  • CVE-2021-20233 A heap out-of-bound write flaw was found caused by mis-calculation of space required for quoting in the menu rendering.

Further detailed information can be found at https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4867. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(146986);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id(
    "CVE-2020-14372",
    "CVE-2020-25632",
    "CVE-2020-25647",
    "CVE-2020-27749",
    "CVE-2020-27779",
    "CVE-2021-20225",
    "CVE-2021-20233"
  );
  script_xref(name:"DSA", value:"4867");

  script_name(english:"Debian DSA-4867-1 : grub2 - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in the GRUB2 bootloader.

  - CVE-2020-14372
    It was discovered that the acpi command allows a
    privileged user to load crafted ACPI tables when Secure
    Boot is enabled.

  - CVE-2020-25632
    A use-after-free vulnerability was found in the rmmod
    command.

  - CVE-2020-25647
    An out-of-bound write vulnerability was found in the
    grub_usb_device_initialize() function, which is called
    to handle USB device initialization.

  - CVE-2020-27749
    A stack-based buffer overflow flaw was found in
    grub_parser_split_cmdline.

  - CVE-2020-27779
    It was discovered that the cutmem command allows a
    privileged user to remove memory regions when Secure
    Boot is enabled.

  - CVE-2021-20225
    A heap out-of-bounds write vulnerability was found in
    the short form option parser.

  - CVE-2021-20233
    A heap out-of-bound write flaw was found caused by
    mis-calculation of space required for quoting in the
    menu rendering.

Further detailed information can be found at
https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-14372");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25632");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25647");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-27749");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-27779");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-20225");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-20233");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/grub2");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/grub2");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021/dsa-4867");
  script_set_attribute(attribute:"solution", value:
"Upgrade the grub2 packages.

For the stable distribution (buster), these problems have been fixed
in version 2.02+dfsg1-20+deb10u4.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20233");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:grub2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"10.0", prefix:"grub-common", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-coreboot", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-coreboot-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-coreboot-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-amd64", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-amd64-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-amd64-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-amd64-signed-template", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm64", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm64-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm64-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-arm64-signed-template", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-ia32", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-ia32-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-ia32-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-efi-ia32-signed-template", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-emu", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-emu-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-firmware-qemu", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-ieee1275", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-ieee1275-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-ieee1275-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-linuxbios", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-mount-udeb", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-pc", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-pc-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-pc-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-rescue-pc", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-theme-starfield", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-uboot", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-uboot-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-uboot-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-xen", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-xen-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-xen-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-xen-host", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-yeeloong", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-yeeloong-bin", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub-yeeloong-dbg", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub2", reference:"2.02+dfsg1-20+deb10u4")) flag++;
if (deb_check(release:"10.0", prefix:"grub2-common", reference:"2.02+dfsg1-20+deb10u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxgrub2p-cpe:/a:debian:debian_linux:grub2
debiandebian_linux10.0cpe:/o:debian:debian_linux:10.0

References

Related

nessus 63
oraclelinux 4
fedora 6
redhat 14
amazon 2
almalinux 3
rocky 2
osv 12
debian 2
archlinux 1
suse 1
ubuntu 1
ibm 1
photon 8
hp 2
rosalinux 2
mageia 2
gentoo 1
mscve 1
redos 1
veracode 7
prion 7
debiancve 7
cbl_mariner 14
redhatcve 8
cve 7
githubexploit 1
ubuntucve 7
alpinelinux 7
ics 1
nessus
nessus
SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0681-1)
2021-03-03 00:00:00
RHEL 7 : grub2 (RHSA-2021:0704)
2021-03-02 00:00:00
Oracle Linux 8 : SUMM: / grub2 (ELSA-2021-0696)
2021-03-05 00:00:00
oraclelinux
oraclelinux
grub2 security update
2021-03-05 00:00:00
grub2 security update
2021-03-02 00:00:00
grub2 security update
2021-03-02 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: grub2-2.06~rc1-2.fc34
2021-03-26 00:18:32
[SECURITY] Fedora 34 Update: efi-rpm-macros-5-2.fc34
2021-04-23 21:04:07
[SECURITY] Fedora 34 Update: shim-unsigned-aarch64-15.4-1.fc34
2021-04-23 21:04:07
redhat
redhat
(RHSA-2021:0703) Moderate: grub2 security update
2021-03-02 18:59:01
(RHSA-2021:2566) Moderate: fwupd security update
2021-06-29 13:41:47
(RHSA-2021:3675) Moderate: shim and fwupd security update
2021-09-28 13:52:23
amazon
amazon
Medium: grub2
2021-07-14 20:30:00
Medium: grub2
2021-07-14 20:30:00
almalinux
almalinux
Moderate: fwupd security update
2021-06-29 13:41:47
Moderate: grub2 security update
2021-03-02 18:54:21
Moderate: shim security update
2021-05-18 05:57:10
rocky
rocky
fwupd security update
2021-06-29 13:41:47
shim security update
2021-05-18 05:57:10
osv
osv
Moderate: shim security update
2021-05-18 05:57:10
Moderate: shim security update
2021-05-18 05:57:10
grub2 - security update
2021-03-02 00:00:00
debian
debian
[SECURITY] [DSA 4867-1] grub2 security update
2021-03-02 18:11:33
[SECURITY] [DSA 4867-1] grub2 security update
2021-03-02 18:11:33
archlinux
archlinux
[ASA-202106-43] grub: multiple issues
2021-06-15 00:00:00
suse
suse
Security update for grub2 (important)
2021-03-22 00:00:00
ubuntu
ubuntu
GRUB 2 vulnerabilities
2021-06-18 00:00:00
ibm
ibm
Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution
2021-07-26 13:09:02
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0376
2021-03-31 00:00:00
Important Photon OS Security Update - PHSA-2021-0202
2021-03-03 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0334
2021-04-02 00:00:00
hp
hp
HP PC UEFI Secure Boot Database Update July 2022
2022-07-21 00:00:00
HPSBHF03678 rev. 2 - GRUB2 Bootloader Arbitrary Code Execution
2020-07-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2300
2023-12-05 10:31:19
Advisory ROSA-SA-2021-1849
2021-07-02 17:01:29
mageia
mageia
Updated grub2 packages fix security vulnerabilities
2021-07-09 01:43:19
Updated gnutls packages fix security vulnerabilities
2021-06-29 00:16:35
gentoo
gentoo
GRUB: Multiple vulnerabilities
2021-04-30 00:00:00
mscve
mscve
Microsoft Guidance for Addressing Security Feature Bypass in GRUB
2020-07-29 07:00:00
redos
redos
ROS-20220920-01
2022-09-20 00:00:00
veracode
veracode
Privilege Escalation
2021-03-03 05:51:57
Arbitrary Code Execution
2021-03-03 08:01:56
Arbitrary Code Execution
2021-03-03 06:00:37
prion
prion
Design/Logic Flaw
2021-03-03 17:15:00
Design/Logic Flaw
2021-03-03 17:15:00
Design/Logic Flaw
2021-03-03 17:15:00
debiancve
debiancve
CVE-2020-27749
2021-03-03 17:15:00
CVE-2021-20225
2021-03-03 17:15:00
CVE-2020-27779
2021-03-03 17:15:00
cbl_mariner
cbl_mariner
CVE-2020-27749 affecting package grub2 2.06~rc1-7
2022-04-26 20:17:11
CVE-2020-25632 affecting package grub2 2.06~rc1-7
2022-04-26 20:17:11
CVE-2020-25632 affecting package grub2 2.06~rc1-10
2021-05-06 23:56:52
redhatcve
redhatcve
CVE-2020-14372
2021-03-02 18:03:04
CVE-2020-25632
2021-03-02 18:33:21
CVE-2021-20225
2021-03-02 21:13:28
cve
cve
CVE-2020-25632
2021-03-03 17:15:00
CVE-2020-27749
2021-03-03 17:15:00
CVE-2020-25647
2021-03-03 17:15:00
githubexploit
githubexploit
Exploit for Incomplete List of Disallowed Inputs in Gnu Grub2
2021-04-19 23:36:25
ubuntucve
ubuntucve
CVE-2020-25632
2021-03-02 00:00:00
CVE-2020-27779
2021-03-02 00:00:00
CVE-2021-20225
2021-03-02 00:00:00
alpinelinux
alpinelinux
CVE-2020-25632
2021-03-03 17:15:00
CVE-2020-14372
2021-03-03 17:15:00
CVE-2021-20225
2021-03-03 17:15:00
ics
ics
Hitachi Energy APM Edge (Update A)
2022-10-18 12:00:00

8.4 High

AI Score

Confidence

High

JSON
Related for DEBIAN_DSA-4867.NASL
nessus63oraclelinux4fedora6redhat14amazon2almalinux3rocky2osv12debian2archlinux1suse1ubuntu1ibm1photon8hp2rosalinux2mageia2gentoo1mscve1redos1veracode7prion7debiancve7cbl_mariner14redhatcve8cve7githubexploit1ubuntucve7alpinelinux7ics1