Help with CVE-2016-4484

Question

So there's this vulnerability from last year called CVE-2016-4484 that allows me to get a root shell by holding down the Enter key at bootup. It works on my computer (I've tried) I'm supposed to be able to just put the following code into the command line:

sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub grub-install

However, that hasn't worked. I'm getting an error message:

sed: can't read grub-install: No such file or directory

I've already run grub-install. Can anyone help me with this? Thanks.

Byte Commander · Accepted Answer · 2017-06-18T10:59:47.733

5

From looking at your command and checking out the issue description you linked, I'm pretty sure it has to be

sudo sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/&panic=5 /' /etc/default/grub

to edit the GRUB configuration and add the panic=5 kernel option , followed by

sudo update-grub

to update the boot loader with the changed configuration.

edited Jun 18 '17 at 10:59

answered Jun 17 '17 at 22:23

Byte Commander

110,243

sempaiscuba · Answer 2 · 2017-06-17T22:29:22.820

0

Based on this answer, I think you need to run the commands as root. Try the following:

sudo sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub grub-install
sudo grub-install

edited Jun 17 '17 at 22:29

answered Jun 17 '17 at 22:24

sempaiscuba

1,453

Help with CVE-2016-4484

2 Answers2