Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it's not the worst potential vulnerability, just one of the sillier ones.
As Hector Marco and Ismael Ripoll explained in a Dec. 14 security report, "To quickly check if your system is vulnerable, when the Grub ask[s] you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected."
Yes, it's that easy. After you've tapped backspace for the 28th time (on an affected system), you'll gain access to the rescue shell—giving you a lot more power over the system than you previously had. An attacker would be able to have full access to the console without needing to enter any user name or password whatsoever. Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems).
"The attacker is able to destroy any data including the grub itself. Even in the case that the disk is ciphered the attacker can overwrite it, causing a [denial of service]," the report reads.
If your Linux distro of choice doesn't happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the isssue—all stemming from a simple integer underflow fault that was introduced to Grub2 in December 2009.
Recommended by Our Editors
"It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue," said Dan Guido, Trail of Bits founder, in an interview with Motherboard.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
