sandabot Posted December 17, 2015 Report Share Posted December 17, 2015 So what would anyone need to bypass password protection on your computer?It just needs to hit the backspace key 28 times, for at least the computer running Linux operating system.Wait, what?A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during boot-up just by pressing backspace key 28 times.This time, the issue is neither in a kernel nor in an operating system itself, but rather the vulnerability actually resides in Grub2, the popular Grand Unified Bootloader, which is used by most Linux systems to boot the operating system when the PC starts.The source of the vulnerability is nothing but an integer underflow fault that was introduced with single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password_get() function.Here's How to Exploit the VulnerabilityIf your computer system is vulnerable to this bug:Just hit the backspace key 28 times at the Grub username prompt during power-up. This will open a "Grub rescue shell" under Grub2 versions 1.98 to version 2.02.This rescue shell allows unauthenticated access to a computer and the ability to load another environment.From this shell, an attacker could gain access to all the data on your computer, and can misuse it to steal or delete all the data, or install persistent malware or rootkit, according to researchers Ismael Ripoll and Hector Marco, who published their research on Tuesday.Here's How to Protect YourselfThe Grub vulnerability affects Linux systems from December 2009 to the present date, though older Linux systems may also be affected.The good news is the researchers have made an emergency patch to fix the Grub2 vulnerability. So if you are a Linux user and worried your system might be vulnerable, you can apply this emergency patch, available here.Meanwhile, many major distributions, including Ubuntu, Red Hat, and Debian have also released emergency patches to fix the issue.Linux is often thought to be a super secure operating system compare to others, and this Grub vulnerability could be a good reminder that it's high time to take physical security just as seriously as network security.sauce Quote Link to comment Share on other sites More sharing options...
theeternalwanderer Posted December 17, 2015 Report Share Posted December 17, 2015 Vulnerabilitatea exista dar ca aplicatie practica este destul de meh. Functioneaza doar daca nu ai parola pe root. Imi aduce aminte de Single Mode cu care puteai sa te loghezi direct ca root editand linia din Grub unde se incarca kernelul si ii adaugai parametrul single. Dar, din nou, functioneaza doar daca nu ai parola pe root.Un technical write-up pentru asta cu backspace: Back to 28: Grub2 Authentication Bypass 0-Day Quote Link to comment Share on other sites More sharing options...
gogusan Posted December 17, 2015 Report Share Posted December 17, 2015 Vulnerabilitatea exista dar ca aplicatie practica este destul de meh. Functioneaza doar daca nu ai parola pe root. Imi aduce aminte de Single Mode cu care puteai sa te loghezi direct ca root editand linia din Grub unde se incarca kernelul si ii adaugai parametrul single. Dar, din nou, functioneaza doar daca nu ai parola pe root.Un technical write-up pentru asta cu backspace: Back to 28: Grub2 Authentication Bypass 0-Dayda exact.[root@gicu ~]# grub-md5-cryptPassword: Retype password: $1$13oN/1$NkfcjcLPsqVVoo2LyUTEp6[root@gicu ~]# nano /boot/grub/grub.conf Quote Link to comment Share on other sites More sharing options...
