Though many of you probably don't run Linux (specifically, a system using the Grub2 bootloader), you'll certainly get some unintended amusement out of a new exploit that was recently found for said bootloader. The exploit is being quickly patched by several major Linux distros, including Ubuntu, Red Hat, and Debian, and it also requires physical access to an unpatched machine to work, so it's not a worst-severity vulnerability, just one of the sillier ones.
We'll let Hector Marco and Ismael Ripoll explain, in their Dec 14 security report:
“To quickly check if your system is vulnerable, when the Grub asks you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected,” they write.
Yes, it's that easy. After you've tapped backspace for the 28th time (on an affected system), you'll gain access to a rescue shell, giving you a lot more power over the system than you previously had. An attacker would be able to have full access to the console without needing to enter any user name or password whatsoever. Said person could then load a customized kernel and do all sorts of things to the host computer, including copying the contents of the hard drive or installing some other, harder-to-find exploit (like a rootkit) that could cause all sorts of issues for the compromised system (or, worse, other networked systems).
“The attacker is able to destroy any data including the grub itself. Even in the case that the disk is ciphered the attacker can overwrite it, causing a [denial of service],” the report reads.
If your Linux distro of choice doesn't happen to have a patch ready just yet, you can grab the emergency patch that Marco and Ripoll have created to fix the issue, all stemming from a simple integer underflow error that was introduced to Grub2 back in Dec of 2009.
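The integer underflow named above, as an added example that is not from the article or from Grub2's source: a simplified C model of a username prompt whose unsigned length counter is decremented on Backspace without a zero check, beside the checked form. The `prompt` struct, `feed_keys`, and the 32-byte buffer are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32    /* assumed buffer size for this model */

struct prompt {
    char buf[NAME_MAX_LEN];
    unsigned cur_len;      /* unsigned: 0 - 1 wraps to UINT_MAX */
    bool out_of_bounds;    /* set once cur_len no longer indexes buf */
};

/* Feed a key sequence to the modelled prompt. With check_zero == false a
 * Backspace on an empty field still decrements cur_len (the underflow);
 * with check_zero == true that Backspace is ignored. The model only
 * tracks the counter and never writes through a wrapped index. */
static struct prompt feed_keys(const char *keys, size_t n, bool check_zero)
{
    struct prompt p;
    memset(&p, 0, sizeof p);
    for (size_t i = 0; i < n; i++) {
        if (keys[i] == '\b') {
            if (check_zero && p.cur_len == 0)
                continue;                /* hardened: nothing to erase */
            p.cur_len--;                 /* wraps when cur_len == 0 */
        } else if (p.cur_len < NAME_MAX_LEN - 1) {
            p.buf[p.cur_len++] = keys[i];
        }
        if (p.cur_len >= NAME_MAX_LEN)
            p.out_of_bounds = true;      /* counter has left the buffer */
    }
    return p;
}

int main(void)
{
    char keys[28];
    memset(keys, '\b', sizeof keys);     /* constructed input: 28 Backspaces */
    struct prompt weak = feed_keys(keys, sizeof keys, false);
    struct prompt safe = feed_keys(keys, sizeof keys, true);
    printf("unchecked: cur_len=%u oob=%d\n", weak.cur_len, weak.out_of_bounds);
    printf("checked:   cur_len=%u oob=%d\n", safe.cur_len, safe.out_of_bounds);
    return 0;
}
```

The checked variant shows the shape of the fix for this bug class: test the counter before decrementing it, so an empty field absorbs extra Backspaces.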