Short Bytes: Pressing the backspace key 28 times in a row can trigger a bug in the Grub2 bootloader. When the Linux machine asks for your username, this drops you into the Grub Rescue Shell. From there, a hacker can easily install malware on the system and access its data.
This is possible because of a bug in the Grub2 bootloader. Grub, short for Grand Unified Bootloader, initializes Linux distros when the computer starts. Its password protection feature restricts access to the boot entries, so it plays an important role in OS security. When you press the key repeatedly at the point where the Linux machine asks for your username, you land in the Grub Rescue Shell. From there, a hacker can easily install malware on the system and access its data.
What caused this 28-times-backspace Linux vulnerability?
Without proper fencing around the Grub boot options, it’s possible for a hacker to attack your Linux machine. Hector Marco and Ismael Ripoll, two security researchers from the Cybersecurity Group at Polytechnic University of Valencia, have found an integer overflow vulnerability in Grub2 that is triggered by these key presses. It lets a hacker put Grub in rescue mode and access the rescue shell without proper permissions.
Grub2 is the bootloader used by most Linux systems including some embedded systems. This results in an incalculable number of affected devices.
Once in the rescue shell, the attacker can return Grub to its usual state and install malware or access the disk data. The researchers pinned the fault onto a single commit in 2009 – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – that affects the grub_password_get() function.
But here’s some good news. The researchers have prepared a fix that prevents cur_len from overflowing. Here’s the emergency patch issued by them: [ 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch ]
The vulnerability affects all versions of Grub2 from 1.98 to 2.02. Popular Linux distros like Red Hat, Debian, Ubuntu and others have released a fix, and fossBytes advises you to install the updates soon.
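To show why guarding cur_len matters, here is an added example: a simplified model of a backspace-handling input loop, written for this article and not taken from Grub2's source or the researchers' patch. The function names, BUF_SIZE and the key sequence are assumptions made for illustration; only cur_len is a name from the article.

```c
#include <stdio.h>

#define BUF_SIZE 1024u  /* assumed buffer size for this model */

/* Constructed input: 28 backspace keys (7 groups of 4). */
static const char KEYS_28_BS[] =
    "\b\b\b\b" "\b\b\b\b" "\b\b\b\b" "\b\b\b\b" "\b\b\b\b" "\b\b\b\b" "\b\b\b\b";

/* Flawed form: backspace always decrements the unsigned counter,
   so at 0 it wraps around to a huge value. */
static unsigned read_len_unchecked(const char *keys)
{
    unsigned cur_len = 0;
    for (; *keys && *keys != '\n'; keys++) {
        if (*keys == '\b') { cur_len--; continue; }
        if (cur_len + 2 < BUF_SIZE)
            cur_len++;          /* the model counts keys, it stores nothing */
    }
    return cur_len;
}

/* Hardened form: only step back when there is input left to erase. */
static unsigned read_len_checked(const char *keys)
{
    unsigned cur_len = 0;
    for (; *keys && *keys != '\n'; keys++) {
        if (*keys == '\b') {
            if (cur_len > 0)
                cur_len--;
            continue;
        }
        if (cur_len + 2 < BUF_SIZE)
            cur_len++;
    }
    return cur_len;
}

/* Any later use of cur_len as a buffer offset is only safe if this holds. */
static int len_in_bounds(unsigned cur_len)
{
    return cur_len <= BUF_SIZE;
}

int main(void)
{
    unsigned bad = read_len_unchecked(KEYS_28_BS);
    unsigned ok = read_len_checked(KEYS_28_BS);
    printf("unchecked: cur_len=%u in_bounds=%d\n", bad, len_in_bounds(bad));
    printf("checked:   cur_len=%u in_bounds=%d\n", ok, len_in_bounds(ok));
    return 0;
}
```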