Vulnerability in Linux Distros

VULNERABILITY DETECTED IN 2015. All Linux Distros from 2009-2015 are affected by this.
If you press the backspace key 28 times on a locked-down Linux machine you want to access, a Grub2 bootloader flaw will allow you to break through password protection and wreak havoc in the system.

Researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at Universitat Politècnica de València recently discovered the vulnerability within GRUB, the bootloader used by most Linux distros.

As reported by PC World, the bootloader is used to initialize a Linux system at start and uses a password management system to protect boot entries -- which not only prevents tampering but also can be used to disable peripheries such as CD-ROMs and USB ports.

Without GRUB password protection, an attacker could also boot a system from a live USB key, switching the operating system in order to access files stored on the machine's hard drives.

The researchers discovered the flaw within GRUB2, of which versions 1.98 to 2.02 are affected. These versions were released between 2009 and 2015, which makes the vulnerability a long-standing and serious problem.

In a security advisory, Marco and Ripoll said the bootloader is used by most Linux distributions, resulting in an "incalculable number of affected devices."

EXTRA!🤞 (I am not responsible for what the F you go and do to others. So be cautious!)
Exploiting the flaw -- and checking if you are vulnerable -- is simple. When the bootloader asks for a username, simply press the backspace button 28 times. If vulnerable, the machine will reboot or you will encounter a Grub rescue shell. (Tried with GRUB2 V2.01 using Dual Boot [Ubuntu 14.04] and it worked!)

Shared Hosting | VPS Servers | Dedicated Servers

Ankesh Anand
CloudMate Softwares
Managing Director
ankesh@cloudmate.in

Thanked by [2] : DeluxeNames Merkin

Comments

  • iamdahmmy (Link Clerk)

    I'm not sure of the version of the bootloader that comes with my Linux system but I hope the GRUB2 version is not between 1.98 and 2.02. I guess I will need to press my backspace 28 times when the bootloader asks for my username to find out if my system is vulnerable. I'm really scared.

    Thanked by [1] : Merkin
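
For the question in the comment above about not knowing the installed bootloader version: the version can be read from a running system and compared with the range quoted in the post (1.98 to 2.02) without touching the boot prompt. This is an added example, not part of the original thread; the function names are hypothetical and the sample version strings in the comments are constructed. An in-range result is only a prompt to check the distribution's security updates, since distributions backport fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example: compare a GRUB version string with the range quoted in the
# post (GRUB2 1.98 to 2.02, inclusive). Function names are hypothetical.

# Pull the first "major.minor" number out of a version line such as
# "grub-install (GRUB) 2.02~beta2-9ubuntu1" (constructed sample).
grub_extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+' | head -n 1
}

# Print "in-range", "out-of-range" or "unknown" for a version line.
grub_range_status() {
    ver=$(grub_extract_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    # awk reads "02" as the number 2, which avoids octal surprises in sh arithmetic.
    echo "$ver" | awk -F. '{
        key = $1 * 1000 + $2          # 1.98 -> 1098, 2.02 -> 2002
        if (key >= 1098 && key <= 2002) print "in-range"
        else                            print "out-of-range"
    }'
}

# Report on this machine if a GRUB install tool is on PATH
# (the binary name differs between distributions).
for tool in grub-install grub2-install; do
    if command -v "$tool" >/dev/null 2>&1; then
        line=$("$tool" --version 2>/dev/null || true)
        echo "$tool: $line -> $(grub_range_status "$line")"
    fi
done
```

If neither tool is found as a normal user, run the script as root, because many distributions install it under /usr/sbin.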