starbuck Posted December 21, 2015 Posted December 21, 2015 A rather embarrassing bug has been discovered which allows anyone to break into a Linux machine with ease. If you press the backspace key 28 times on a locked-down Linux machine you want to access, a Grub2 bootloader flaw will allow you to break through password protection and wreck havoc in the system. Researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at Universitat Politècnica de València recently discovered the vulnerability within GRUB, the bootloader used by most Linux distros. As reported by PC World, the bootloader is used to initialize a Linux system at start and uses a password management system to protect boot entries -- which not only prevents tampering but also can be used to disable peripheries such as CD-ROMs and USB ports. Without GRUB password protection, an attacker could also boot a system from a live USB key, switching the operating system in order to access files stored on the machine's hard drives. The researchers discovered the flaw within GRUB2, of which versions 1.98 to 2.02 are affected. These versions were released between 2009 and today, which makes the vulnerability a long-standing and serious problem. In a security advisory, Marco and Ripoli said the bootloader is used by most Linux distributions, resulting in an "incalculable number of affected devices." Exploiting the flaw -- and checking if you are vulnerable -- is simple. When the bootloader asks for a username, simply press the backspace button 28 times. If vulnerable, the machine will reboot or you will encounter a Grub rescue shell. The shell grants a user a full set of admin privileges -- within the rescue function only -- to load customised kernels and operating systems, install rootkits, download the full disc or destroy all data on a machine. The researchers say the fault lies within two functions; the grub_password_get() function and the andgrub_password_get() script which suffer integer overflow problems. Exploiting the flaw causes out of bounds overwrite memory errors. When a user presses backspace, the bootloader is erasing characters which do not exist -- damaging its memory enough to trigger an exception in authentication protocols. Not only does the vulnerability give attackers the chance to steal data and tamper with peripherals and passwords, but Linux entries can be modified to deploy malware. While there is an emergency patch available on Github for Linux users, the main vendors have been made aware of this security flaw. It is recommended that users update their machines as soon as patches have been deployed, but it is worth noting an attacker needs physical access to the machine to exploit the flaw. Source: http://www.zdnet.com/article/how-to-hack-any-linux-machine-just-using-backspace/#ftag=RSSbaffb68 Quote
FPCH Admin AWS Posted December 22, 2015 FPCH Admin Posted December 22, 2015 I tried this on an uBuntu install I have on my dev server. Sure enough dropped me right into rescue shell. Doesn't seem to be a patch yet for uBuntu. Quote Off Topic Forum - Unlike the Rest
starbuck Posted December 22, 2015 Author Posted December 22, 2015 Let's hope this bug gets fixed very soon then. Quote
Plastic Nev Posted December 25, 2015 Posted December 25, 2015 I have a friend and his son uses Linux, I will pass on this warning. Quote
KenJackson Posted January 2, 2016 Posted January 2, 2016 You make it sound like this is horrific. But to exploit it, the attacker must have physical, non-trivial access to your PC. No PC is guaranteed secure if you lose physical control over it. So all you have to do to avoid an exploit is to maintain physical control of your PC. That's something we should all do at all times anyway. I will confess that I don't even log out of my Linux PCs. I update the kernels perhaps every other month, reboot, log in and stay logged in until the next kernel update. Is that insecure? No. I have locked doors protecting physical access. If you break through my locked door, I have a lot more to worry about than my data. Quote
Recommended Posts