CVE-2013-4577 Information

Description

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg which allows local users to obtain password hashes as demonstrated by reading the password_pbkdf2 directive in the file.

Reference

http://seclists.org/oss-sec/2013/q4/291 http://seclists.org/oss-sec/2013/q4/292 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598