Password Bypass Flaw Found in GRUB2 Linux Bootloader

23 Dec 2015 | Author: | No comments yet »

Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times.

Though most of you likely don’t run Linux—specifically, one using the Grub2 bootloader—you’ll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.

A recent report by security researchers in the polytechnic university of Valencia, Spain stated that anybody can gain access to a Linux system by pressing backspace 28 times continuously. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it’s not the worst potential vulnerability, just one of the sillier ones. According to the duo, the Grub2 versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected, and that’s because of an integer overflow bug introduced to Grub2 back in December of 2009. “It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue”, the duo says in their paper. Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS—like a live Linux installation stored on a USB drive or CD/DVD—and access files on a computer’s hard drive. Of course, it’s also possible for an attacker to remove the drive and place it in another machine that doesn’t have these restrictions, but there can be other physical access controls in place to prevent that.

Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems). “The attacker is able to destroy any data including the grub itself. He can go into the settings of your computer and tamper with it’s security protocols further leading to chances of internet hacks and cyber attacks.

The bug allows the one who exploits it a lot more power over the system to the point that they would have full access to the console without needing to enter any user name or password whatsoever. Customized kernels and initramfs can be loaded without your knowledge and dangerous rootkits and Trojans can be installed further causing your system to crash. At this point multiple attack scenarios are possible, including destroying all data on the disk, but for their proof-of-concept exploit the researchers chose one that’s likely to be preferred by advanced attackers: installing malware that would steal legitimate users’ encrypted home folder data after they log in and unlock it. Researchers have described a scenario in which an advanced persistent threat (APT) actor or malicious insiders exploit the vulnerability to plant a piece of malware that can be used to spy on the victim or steal sensitive information even if it is in encrypted format. Then they used it to replace a Mozilla Firefox library with a malicious one designed to open a reverse shell to a remote server whenever the browser is started by the user. “When any user executes Firefox, a reverse shell will be invoked,” the researchers said in a detailed write-up of their exploit, which they presented last week at the STIC CCN-CERT Conference in Madrid. “At this time all data of the user is deciphered, allowing us to steal any kind of information of the user.” The vulnerability, which is tracked as CVE-2015-8370, affects all versions of Grub2 from 1.98, released in December, 2009, to the current 2.02.

Essentially, when a hacker hits the backspace button 28 times, they cause an error in the systems’ memory that launches the rescue function that allows for the overiding of the normal authentication system. In October, Jim Zemlin, executive director of the Linux Foundation, warned of the security challenges that threaten the golden age of open source computing.

Here you can write a commentary on the recording "Password Bypass Flaw Found in GRUB2 Linux Bootloader".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site