Linux Systems Vulnerable to Backspace Bug
Posted by: Timothy Weaver on 12/21/2015 09:52 AM
[
Comments
]
Do you want to steal some files or folders from your friends Linux computer? Afraid you can't get pass the login screen?
Well, in some distro's of Linux, all you have to do is hit the backspace tab 28 times. Two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain found that it’s possible to bypass any kind of authentication and take control of a locked-down computer that runs Linux just by hitting the backspace 28 times.
The bug is in Grub2.
According to Hector Marco and Ismael Ripoll, the attacker can access what’s called the “Grub rescue shell” and gain access to the computer’s data, allowing him or her to install persistent malware, simply steal all the data, or destroy it.
What happens is if you hit the backspace 28 times, and only 28 times, causes an error in the systems’ memory that launches the rescue function.
Dan Guido, the founder of security firm Trail of Bits, said: "It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue."
While one needs to have physical possession of the machine, it is a reminder that systems can be vulnerable to some of the silliest of things.
Source: Motherboard
Well, in some distro's of Linux, all you have to do is hit the backspace tab 28 times. Two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain found that it’s possible to bypass any kind of authentication and take control of a locked-down computer that runs Linux just by hitting the backspace 28 times.The bug is in Grub2.
According to Hector Marco and Ismael Ripoll, the attacker can access what’s called the “Grub rescue shell” and gain access to the computer’s data, allowing him or her to install persistent malware, simply steal all the data, or destroy it.
What happens is if you hit the backspace 28 times, and only 28 times, causes an error in the systems’ memory that launches the rescue function.
Dan Guido, the founder of security firm Trail of Bits, said: "It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue."
While one needs to have physical possession of the machine, it is a reminder that systems can be vulnerable to some of the silliest of things.
Source: Motherboard
Comments
