Attackers with a little more than a minute to spare can compromise Linux boxes by holding down the Enter key for 70 seconds, an act that gifts them a root initramfs shell.

The simple exploit exists due to a bug in the Linux Unified Key Setup (LUKS) used in popular variations of Linux.

With access to the shell, an attacker could then decrypt Linux machines. The attack also works on virtual Linux boxen in clouds.

Debian, Fedora and are confirmed as suffering from this problem.

The problem was identified by Hector Marco, a lecturer of the University West of Scotland, together with Polytechnic University of Valencia assistant professor Ismael Ripoll. The pair say the problem does not require particular system configuration and offer the following analysis of the flaw:

This vulnerability allows obtaining a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations.

Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard or/and a mouse.

Marco and Ripoll say the "very reliable" exploit has been patched and a workaround developed that shutters the hack.

The pair say the vulnerability could have been introduced during the patching process, when other security fixes were developed. ®

The Register - Security