SuSE 8.1's "gfxmenu" which is configured into GRUB by default on many machines allows the user to pass in additional kernel boot parameters without entering the password, even though one is configured in the GRUB configuration file.
Credit:
The information has been provided by Matthias Andree.
How to check whether you are vulnerable:
As no fix is known at the moment, just reading the /boot/grub/menu.lst configuration file is sufficient. If yours has a line that starts with "gfxmenu", the computer is vulnerable.
Impact:
A malicious user who can make the computer reboot can for example append init=/bin/bash to defeat the regular boot procedures to bypass the root password and steal data or install backdoors.
Workaround:
Remove the gfxboot line from /boot/grub/menu.lst.
Vendor status:
2002-11-27 v1.0 initial announcement, disclosed to SuSE Security only.
2002-11-29 extended schedule to 2002-12-13, 24:00 GMT
2002-12-03 original schedule date for publication
2002-12-13 deadline. public announcement will be made on this day at the latest.
2002-12-13 v1.1 reword first paragraph, not all machines enable gfxmenu by default, add section on checking for the problem.
2002-12-14 sent this announcement to vulnwatch and bugtraq, a workaround is documented, so holding back the announcement makes no sense.
