Major Linux Security Hole Gapes Open

HardOCP News

A major security hole in Linux has been discovered. I'm not sure I would have used the term "hole gapes open" to describe the discovery but that's probably because I have a dirty mind. :D

Sometimes Linux users can be smug about their system's security. And sometimes a major hole that's been hiding in Linux since about version 2.6 opens up and in you fall. As described in the security report, CVE-2016-4484, the hole allows attackers "to obtain a root initramfs [initial RAM file system] shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify, or destroy the hard disc as well as set up the network to exfiltrate data.
 
"Now for the really embarrassing part. Want to know how to activate it? Boot the system and then hold down the enter key. Wait. After about a minute and a half, you'll find yourself in a BusyBox root shell. You now control the horizontal, you now control the vertical, and whoever owns the system is not going to be happy with you."

If an attacker is physically present at your system, you're screwed anyway in my presumption.
 
"Now for the really embarrassing part. Want to know how to activate it? Boot the system and then hold down the enter key. Wait. After about a minute and a half, you'll find yourself in a BusyBox root shell. You now control the horizontal, you now control the vertical, and whoever owns the system is not going to be happy with you."

If an attacker is physically present at your system, you're screwed anyway in my presumption.

Pretty much sums it up. If physical security can't be assured then no system is safe. Love how the author states that Open Source fails because of this flaw. As if closed source systems have never been affected by anything such as this or are somehow better because they hide their source. Laughable.
 
Meh, I honestly never bothered to encrypt my volumes on my machines. Looks like my own laziness worked out in my favor for a change.
 
CVE-2016-4484 said:
Am I vulnerable?
If you use Debian or Ubuntu (probably many derived distributions are also vulnerable, but we have not tested), and you have encrypted the system partition, then your system is vulnerable.

Just for those who don't want to read the CVE. I don't think it was explicitly said in the linked article.
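A defender-side check for the condition quoted above, as an added example that is not from the thread or from the advisory: it takes copies of /etc/os-release, /etc/crypttab and /proc/cmdline and reports whether a host matches the vulnerable combination. It assumes, as the mitigation, that a panic= kernel parameter makes the initramfs reboot instead of dropping to the BusyBox shell; treating any crypttab entry as an encrypted system partition is an approximation.

```shell
#!/bin/sh
# Added example (not from the thread or the advisory): classify a host's
# exposure to CVE-2016-4484 from three files, passed as paths so the check can
# run against constructed copies. Prints exactly one of:
#   not-debian-family | no-encrypted-root | exposed | mitigated-by-panic
# Assumption: a "panic=<seconds>" kernel parameter makes the initramfs reboot
# rather than drop to the BusyBox shell, so it is treated as the mitigation.
cve_2016_4484_exposure() {
    os_release="$1"; crypttab="$2"; cmdline="$3"

    # 1. Only Debian and its derivatives ship the affected initramfs hook.
    if ! grep -Eq '^(ID|ID_LIKE)=.*(debian|ubuntu)' "$os_release" 2>/dev/null; then
        echo "not-debian-family"; return 0
    fi

    # 2. An encrypted volume in crypttab puts the LUKS prompt in the initramfs.
    #    Approximation: any non-comment entry counts as the system partition.
    if ! grep -Eq '^[[:space:]]*[^#[:space:]]' "$crypttab" 2>/dev/null; then
        echo "no-encrypted-root"; return 0
    fi

    # 3. panic=<seconds> on the command line: reboot instead of a shell.
    if grep -Eq '(^|[[:space:]])panic=[0-9]+' "$cmdline" 2>/dev/null; then
        echo "mitigated-by-panic"; return 0
    fi

    echo "exposed"
}

# Constructed sample inputs (not captured from a real host).
demo_dir=$(mktemp -d)
printf 'ID=ubuntu\nID_LIKE=debian\n' > "$demo_dir/os-release"
printf '# <target> <source> <key> <options>\nsda5_crypt UUID=0000-placeholder none luks\n' > "$demo_dir/crypttab"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet\n' > "$demo_dir/cmdline-exposed"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet panic=5\n' > "$demo_dir/cmdline-fixed"

cve_2016_4484_exposure "$demo_dir/os-release" "$demo_dir/crypttab" "$demo_dir/cmdline-exposed"  # exposed
cve_2016_4484_exposure "$demo_dir/os-release" "$demo_dir/crypttab" "$demo_dir/cmdline-fixed"    # mitigated-by-panic
```

On a live host, pass /etc/os-release, /etc/crypttab and /proc/cmdline instead of the constructed copies.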
 
The title is very misleading. "A major security hole in Linux has been discovered". I looked at this in more detail, adding to what Frobozz said, this looks like a specific distribution issue. Testing several non-Debian/Ubuntu distributions using the 2.6 kernel, they were not vulnerable.
 
Pretty much sums it up. If physical security can't be assured then no system is safe. Love how the author states that Open Source fails because of this flaw. As if closed source systems have never been affected by anything such as this or are somehow better because they hide their source. Laughable.

Exactly my thoughts. Is this any different than back in the day on Windows how there was no default password on the administrator account so I could boot into safe mode, log onto the administrator account and change the password on other users?

If someone is already in my home then I'm more worried they killed my wife and I to get to my computer. They mention this also affects cloud services which I don't use.
 
Exactly my thoughts. Is this any different than back in the day on Windows how there was no default password on the administrator account so I could boot into safe mode, log onto the administrator account and change the password on other users?

If someone is already in my home then I'm more worried they killed my wife and I to get to my computer. They mention this also affects cloud services which I don't use.

They failed to describe how the attacker is going to boot a cloud system and hold down enter to get to the root. If you boot the cloud remotely, you lose the connection until the system is back up. Perhaps they expect the attacker to gain remote access to the virtual machine as cloud admin -> same thing as having physical access. Game over.
 
The title is very misleading. "A major security hole in Linux has been discovered". I looked at this in more detail, adding to what Frobozz said, this looks like a specific distribution issue. Testing several non-Debian/Ubuntu distributions using the 2.6 kernel, they were not vulnerable.

99% of people don't understand the difference between a kernel and OS.
 