These are two computer security researchers from the University of Valencia who have discovered this strange bug nestled in multiple Linux distributions. It bypasses any authentication when starting the machine by simply pressing backspace (sometimes also referred to ‘Del’ or ‘Delete’) 28 times. The vulnerability does not lie in the kernel, but in Grub2 (Grand Unified Bootloader), used by most Linux distributions to boot the operating system when the machine is on.
> Diagram published by the researchers Marco and Hector Ismael Ripoll as part of their research. The 16 bytes of the 28 entries backspace cause a rift in Grub. (Source: Ismael Ripoll and Hector Marco)
Born in 1995 under the fingers of the developer Erich Boleyn, Grub is a
Loader (boot loader in English). Is the first software that
is running when a computer starts. Then it transfers control
the Linux operating system kernel software. This last
initializes the GNU system. The source of vulnerability from a integer overflow flaw added to the 1.98 version of Grub, dated December 2009. – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affects the grub_password_get ()
Here’s how to exploit this vulnerability Linux: If your computer is vulnerable to this bug, just type 28 times the backspace key when prompted for the user name Grub when starting the machine. This opens a “Grub rescue shell” under the 1.98 versions 2.02 Grub2. And this “Grub rescue shell” allows unauthenticated access to the computer, like the ability to load a different environment. From this shell, an attacker could gain access to all the computer data, copy and delete them. The attacker can also install on the machine with malware or rootkit, researchers say Ismael Ripoll and Hector Marco, who published their research last Tuesday
And here is how to protect the Linux System.: The vulnerability affects versions of Grub published from December 2009 to date, but older Linux systems can also be compromised. The good news is that the two researchers created an emergency patch, available here. Moreover, many distributions, including Ubuntu, Red Hat and Debian have also issued an emergency patch to fix the problem.
If Linux is often considered an ultra secure operating system ( compared to the other), this vulnerability Grub is certainly a healthy reminder that it is time to consider the physical security of the machines as seriously as network security.
No comments:
Post a Comment