#1
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it's not the worst potential vulnerability, just one of the sillier ones.

As Hector Marco and Ismael Ripoll explained in a Dec. 14 security report, "To quickly check if your system is vulnerable, when the Grub ask[s] you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected." Yes, it's that easy.

After you've tapped backspace for the 28th time (on an affected system), you'll gain access to the rescue shell—giving you a lot more power over the system than you previously had. An attacker would be able to have full access to the console without needing to enter any user name or password whatsoever. Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems). "The attacker is able to destroy any data including the grub itself. Even in the case that the disk is ciphered the attacker can overwrite it, causing a [denial of service]," the report reads.

If your Linux distro of choice doesn't happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the issue—all stemming from a simple integer underflow fault that was introduced to Grub2 in December 2009. "It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue," said Dan Guido, Trail of Bits founder, in an interview with Motherboard.

http://www.pcmag.com/article2/0,2817,2496870,00.asp
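The "simple integer underflow fault" the article mentions, shown as an added example that is not from the page or from GRUB's source: a constructed prompt line editor whose unchecked Backspace handler wraps an unsigned length, beside the hardened version that refuses to delete from an empty line. LINE_MAX, struct line_state and the oob counter are assumptions made for the demo.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the bug class: a prompt keeps an unsigned length
 * and decrements it on Backspace. Not GRUB's code; LINE_MAX, the struct
 * and the oob counter are assumptions for this demonstration. */
#define LINE_MAX 32

struct line_state {
    char   buf[LINE_MAX];
    size_t len;   /* characters currently in buf */
    int    oob;   /* how many writes would have landed outside buf */
};

static void line_init(struct line_state *s) { memset(s, 0, sizeof *s); }

/* All buffer writes go through here so the unchecked variant can be run
 * safely: an out-of-range index is counted instead of corrupting memory. */
static void store(struct line_state *s, size_t idx, char c) {
    if (idx < LINE_MAX)
        s->buf[idx] = c;
    else
        s->oob++;
}

/* Handle one keystroke; '\b' is Backspace, anything else is inserted.
 * hardened == 0 reproduces the underflow: Backspace on an empty line
 * decrements len past zero, the unsigned value wraps to SIZE_MAX, and
 * every index computed from it afterwards is garbage. */
static void line_key(struct line_state *s, char key, int hardened) {
    if (key == '\b') {
        if (hardened && s->len == 0)
            return;                 /* nothing to delete: ignore the key */
        s->len--;                   /* unchecked: wraps when len == 0 */
        store(s, s->len, '\0');
        return;
    }
    if (s->len + 1 >= LINE_MAX)     /* room left? fooled once len wrapped */
        return;
    store(s, s->len, key);
    s->len++;
    store(s, s->len, '\0');
}

/* Feed a key sequence; returns the number of out-of-bounds writes. */
static int edit_line(struct line_state *s, const char *keys, int hardened) {
    for (; *keys; keys++)
        line_key(s, *keys, hardened);
    return s->oob;
}

/* Hardened editor: four Backspaces on two characters empty the line, the
 * extra presses are ignored, and "cd" is typed normally. Returns 1 when
 * the buffer holds "cd" and nothing was written out of bounds. */
int demo_hardened(void) {
    struct line_state s;
    line_init(&s);
    int oob = edit_line(&s, "ab\b\b\b\bcd", 1);
    return oob == 0 && s.len == 2 && strcmp(s.buf, "cd") == 0;
}

/* Unchecked editor: one Backspace on an empty line wraps len, the
 * terminator write goes out of bounds, and the next typed character
 * slips past the length check and is written out of bounds too (2). */
int demo_unchecked(void) {
    struct line_state s;
    line_init(&s);
    return edit_line(&s, "\bx", 0);
}
```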
#2
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On Sun, 20 Dec 2015 21:28:59 +0100, Anonymous wrote:

> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it's not the worst potential vulnerability, just one of the sillier ones.
>
> As Hector Marco and Ismael Ripoll explained in a Dec. 14 security report, "To quickly check if your system is vulnerable, when the Grub ask[s] you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected." Yes, it's that easy.
>
> After you've tapped backspace for the 28th time (on an affected system), you'll gain access to the rescue shell—giving you a lot more power over the system than you previously had. An attacker would be able to have full access to the console without needing to enter any user name or password whatsoever. Said person could then load a customized kernel and do all sorts of things to the host computer—including copying the contents of its hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for a compromised system (or, worse, other networked systems). "The attacker is able to destroy any data including the grub itself. Even in the case that the disk is ciphered the attacker can overwrite it, causing a [denial of service]," the report reads.

I could do all that by booting from a Linux live CD. If you have physical access to the machine (Linux or any other OS, assuming it's not "Truly enCrypted") you have root, or admin, or whatever your OS calls it.

[]'s

> If your Linux distro of choice doesn't happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the issue—all stemming from a simple integer underflow fault that was introduced to Grub2 in December 2009. "It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue," said Dan Guido, Trail of Bits founder, in an interview with Motherboard.
>
> http://www.pcmag.com/article2/0,2817,2496870,00.asp

--
Don't be evil - Google 2004
We have a new policy - Google 2012
#3
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

Anonymous wrote this copyrighted missive and expects royalties:

> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>
> http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.

--
You will win success in whatever calling you adopt.
#4
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:

> Anonymous wrote this copyrighted missive and expects royalties:
>
>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>
>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>
> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.

with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
#5
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 21/12/2015 18:06, Big Bad Bob wrote:

> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>
>> Anonymous wrote this copyrighted missive and expects royalties:
>>
>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>
>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>
>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>
> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.

Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.

On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."

http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html
#6
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

edevils wrote:

> On 21/12/2015 18:06, Big Bad Bob wrote:
>
>> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>>
>>> Anonymous wrote this copyrighted missive and expects royalties:
>>>
>>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>>
>>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>>
>>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>>
>> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
>
> Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.
>
> On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."
>
> http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html

With physical access to the machine they could just as well install the logging software the standard way. No need for a Grub exploit

Physical access means all bounds are off. You can not secure such a system in any meaningful way, encrypted or not
#7
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 21/12/2015 19:01, Peter Köhlmann wrote:

> edevils wrote:
>
>> On 21/12/2015 18:06, Big Bad Bob wrote:
>>
>>> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>>>
>>>> Anonymous wrote this copyrighted missive and expects royalties:
>>>>
>>>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>>>
>>>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>>>
>>>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>>>
>>> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
>>
>> Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.
>>
>> On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."
>>
>> http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html
>
> With physical access to the machine they could just as well install the logging software the standard way.

Could they, if GRUB is password protected?

> No need for a Grub exploit
>
> Physical access means all bounds are off. You can not secure such a system in any meaningful way, encrypted or not

However, removing a hard drive is not as easy as using a keyboard. If you remove a hard drive in an office, you might be noticed. Some hard drives are even stored in a secure vault, while you can still access the keyboard.
#8
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

>> With physical access to the machine they could just as well install the logging software the standard way.
>
> Could they, if GRUB is password protected?
>
>> No need for a Grub exploit
>>
>> Physical access means all bounds are off. You can not secure such a system in any meaningful way, encrypted or not
>
> However, removing a hard drive is not as easy as using a keyboard. If you remove a hard drive in an office, you might be noticed. Some hard drives are even stored in a secure vault, while you can still access the keyboard.

physical access == total access
#9
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On Mon, 21 Dec 2015 09:06:22 -0800, Big Bad Bob wrote:

> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>
>> Anonymous wrote this copyrighted missive and expects royalties:
>>
>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>
>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>
>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>
> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer.

And you remove the hard drive because .... ?

[]'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012
#10
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

edevils wrote:

> On 21/12/2015 19:01, Peter Köhlmann wrote:
>
>> edevils wrote:
>>
>>> On 21/12/2015 18:06, Big Bad Bob wrote:
>>>
>>>> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>>>>
>>>>> Anonymous wrote this copyrighted missive and expects royalties:
>>>>>
>>>>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>>>>
>>>>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>>>>
>>>>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>>>>
>>>> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
>>>
>>> Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.
>>>
>>> On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."
>>>
>>> http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html
>>
>> With physical access to the machine they could just as well install the logging software the standard way.
>
> Could they, if GRUB is password protected?

Yes
#11
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

In article , Shadow wrote:

> On Sun, 20 Dec 2015 21:28:59 +0100, Anonymous wrote:
>
>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader. The exploit is being quickly patched by various major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it's not the worst potential vulnerability, just one of the sillier ones.
>
> OS calls it.

[ ... ]

Given physical access to a system, an attacker of even modest skills can get any and everything off a system. If the sole objective is denial of service, I don't know of any hard drive that can survive a hammer or drill (particularly both) attack.

Without physical security, nothing else matters.

Gary
#12
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

In article Peter Köhlmann wrote:

> edevils wrote:
>
>> On 21/12/2015 18:06, Big Bad Bob wrote:
>>
>>> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>>>
>>>> Anonymous wrote this copyrighted missive and expects royalties:
>>>>
>>>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>>>
>>>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>>>
>>>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>>>
>>> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
>>
>> Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.
>>
>> On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."
>>
>> http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html
>
> With physical access to the machine they could just as well install the logging software the standard way. No need for a Grub exploit
>
> Physical access means all bounds are off. You can not secure such a system in any meaningful way, encrypted or not

Bottom line, someone would have to be present with access to the equipment to accomplish this, correct? That would narrow down the scope of possible suspects considerably.
#13
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 12/22/2015 1:18 AM, Peter Köhlmann wrote:

> edevils wrote:
>
>> On 21/12/2015 19:01, Peter Köhlmann wrote:
>>
>>> edevils wrote:
>>>
>>>> On 21/12/2015 18:06, Big Bad Bob wrote:
>>>>
>>>>> On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
>>>>>
>>>>>> Anonymous wrote this copyrighted missive and expects royalties:
>>>>>>
>>>>>>> Though most of you likely don't run Linux—specifically, one using the Grub2 bootloader—you'll surely appreciate the unintended humor of a brand-new exploit that was recently found for said bootloader.
>>>>>>>
>>>>>>> http://www.pcmag.com/article2/0,2817,2496870,00.asp
>>>>>>
>>>>>> What took you so long to post this? It's been bandied about for many days now. Already fixed, by the way. Pretty stupid bug, though. Should never have happened.
>>>>>
>>>>> with physical access to the machine, there's nothing stopping anyone from removing the hard drive, plugging in a USB hard drive adaptor thingy, and then reading it directly with another computer. so the bug is funnier than it is dangerous.
>>>>
>>>> Unless data is encrypted. If you remove the hard drive and plug it somewhere, you are still left with ciphered data.
>>>>
>>>> On the contrary, if you read Hector Marco and Ismael Ripoll's original article, you'll find out how they used the GRUB2 vulnerability to access the GRUB rescue shell and deploy a malware from there. "Since the data is ciphered, the strategy we will use is to infect the system and wait until the user decrypts the data (by login into the system) and then access to the information in plain."
>>>>
>>>> http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html
>>>
>>> With physical access to the machine they could just as well install the logging software the standard way.
>>
>> Could they, if GRUB is password protected?
>
> Yes

1. USB and DVD etc. access would be locked in BIOS settings, of course.

2. Are you talking of keyboard access, or using hammer and screwdriver? That wouldn't go unnoticed.
#14
Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 12/21/2015 10:28 PM, ray carter wrote:

>>> With physical access to the machine they could just as well install the logging software the standard way.
>>
>> Could they, if GRUB is password protected?
>>
>>> No need for a Grub exploit
>>>
>>> Physical access means all bounds are off. You can not secure such a system in any meaningful way, encrypted or not
>>
>> However, removing a hard drive is not as easy as using a keyboard. If you remove a hard drive in an office, you might be noticed. Some hard drives are even stored in a secure vault, while you can still access the keyboard.
>
> physical access == total access

If a bad guy has UNRESTRICTED physical access, then he will be able to do anything. But another scenario is "restricted" physical access, meaning: KEYBOARD access only!