Linux Machines Can Be Hacked by Pressing Backspace 28 Times

A pair of Spanish cybersecurity researchers have discovered a Linux vulnerability that could allow anyone with physical access to a system to log in without a password and launch a variety of attacks. The vulnerability, found in versions of the commonly used Grub2 (GNU Grand Unified Bootloader) bootloader released since 2009, can be exploited by hitting the backspace key 28 times. Tracked as CVE-2015-8370, the vulnerability has a medium severity rating, according to the National Institute of Standards and Technology’s National Cyber Awareness System notice. The bug can be easily fixed, according to the researchers who discovered it, and a number of patches are now available.

Introduced into the Grub code in December 2009, the vulnerability has raised some suspicions that it might be the work of the National Security Agency or a similar organization. A commenter on Reddit’s Linux thread, for instance, noted, “This is exactly the kind of highly-useful bug with plausible deniability that I’d expect to be introduced ‘accidentally by governmental agencies’s agents.”

‘Incalculable Number of Affected Devices’

Hector Marco-Gisbert and Ismael Ripoll, members of the cybersecurity group at Spain’s Polytechnic University of València, published their description of the Grub2 authentication bypass zero-day vulnerability on December 14, several days after disclosing it to CCN-CERT, the Spanish National Cryptologic Center.

“Grub2 is the bootloader used by most Linux systems including some embedded systems,” Marco-Gisbert and Ripoll said in their description of the vulnerability. “This results in an incalculable number of affected devices.”

The researchers said they were able to exploit the vulnerability using QEMU (short for Quick Emulator) running Debian 7.5. The bug allowed them to obtain a Grub rescue shell, from which they could gain entry to the system without a username or password, and potentially introduce malware, destroy data or launch a denial-of-service attack.

Easy Check for Bug

Users can quickly and easily check for the vulnerability in their systems by pressing the backspace key 28 times when Grub asks for a username, according to Marco-Gisbert and Ripoll. “If your machine reboots or you get a rescue shell then your Grub is affected,” they said.

In addition to fixes being made available by GNU/Linux vendors, an emergency patch was also posted by the researchers on the main Grub2 Git repository. Any GNU/Linux user with Grub2 using password protection should update to a patched version, even if the attack described by the researchers is not easily launched without physical access to a system and could require significantly different approaches on different systems.

“As can be seen, the successful exploitation depends on many things: the BIOS version, the GRUB version, the amount of RAM, and whatever that modifies the memory layout,” Marco-Gisbert and Ripoll noted. “And each system requires a deep analysis to build the specific exploit.”
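The update advice above applies to Grub2 installations that use password protection. The following script is an added example, not code from the researchers or the Grub project; it reports whether a given Grub2 configuration file enables that protection, so an administrator can tell which machines present the username prompt at all. The sample configuration is constructed, and the path to pass in (commonly `/boot/grub/grub.cfg` or `/boot/grub2/grub.cfg`) is an assumption that varies by distribution.

```shell
#!/bin/sh
# Added example: does this GRUB2 config enable password protection, i.e. is
# the username prompt mentioned in the article reachable on this machine?

# Print the user names listed in a `set superusers="..."` line, one per line.
grub_superusers() {
    sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}superusers=//p' "$1" |
        tr -d "\"'" | tr ', ;' '\n\n\n' | sed '/^$/d' | sort -u
}

# Print the user names that have a `password` or `password_pbkdf2` entry.
grub_password_users() {
    awk '$1 == "password" || $1 == "password_pbkdf2" { print $2 }' "$1" | sort -u
}

# Print "protected" when at least one superuser also has a password entry,
# "unprotected" when none does, "unreadable" when the file cannot be read.
grub_auth_status() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "unreadable"
        return 0
    fi
    for user in $(grub_superusers "$cfg"); do
        if grub_password_users "$cfg" | grep -qxF -- "$user"; then
            echo "protected"
            return 0
        fi
    done
    echo "unprotected"
    return 0
}

# Constructed sample config (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Linux' { linux /vmlinuz }
EOF
echo "sample config: $(grub_auth_status "$sample")"
rm -f "$sample"
```

A result of `protected` means the machine belongs to the group the researchers tell to update; reading the real configuration file usually requires root.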
