0day grub2
A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.
Grub2 is the bootloader used by most Linux systems including some embedded systems. This results in an incalculable number of affected devices.
As shown in the picture, we successfully exploited this vulnerability in a Debian 7.5 under Qemu getting a Grub rescue shell.
Am I vulnerable ?
To quickly check if your system is vulnerable, when the Grub ask you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Si usas grub con contrase;a, si pulsas 28 veces la tecla 'borrar' accedes al sistema. las principales distribuciones ya han enviado el parche a sus repositorios.