New BootHole Vulernability Revealed, Impacts Billions of Devices

erek

Supreme [H]ardness
Joined
Dec 19, 2005
Messages
5,878
"The announcement comes as part of a coordinated disclosure with OS vendors, computer manufacturers, and CERTs, many of which Eclypsium says will release individual announcements today. Those companies include Microsoft, Oracle, Red Hat, Canonical (Ubuntu), SuSE, Debian, Citrix, VMware, and a spate of various OEMs and software vendors.


The company projects the vulnerability will take some time to be patched for all systems, with various entities announcing their own schedules for patch releases. Per the company:

"Mitigation is complex and can be risky and will require the specific vulnerable program to be signed and deployed, and vulnerable programs should be revoked to prevent adversaries from using older, vulnerable versions in an attack. The three-stage mitigation process will likely take years for organizations to complete patching.""


https://www.tomshardware.com/news/new-boothole-vulernability-revealed-impacts-billions-of-devices
 

serpretetsky

[H]ard|Gawd
Joined
Dec 24, 2008
Messages
1,764
Requires root access or an already compromised system on Linux (probably Windows also) to exploit, so meh.
Yes, but also this makes it more annoying:
However, once compromised, the system appears to operate as normal even though malware has complete access to the system and OS. The malicious code then resides in the bootloader, and thus will persist even after re-installing the operating system.
You think you just reinstalled your OS and you are clean? You should probably reload the UEFI firmware as well just to be sure.

Luckily a lot of new servers have separate uefi firmware authentication that is not connected to the host OS. So in that case you shouldn't need to worry about reload the uefi firmware.
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
2,408
Requires root access or an already compromised system on Linux (probably Windows also) to exploit, so meh.
Requires it now, but could be piggybacked on a different exploit.... Single exploits are rarely dangerous, too many things can factor in, but pair 2 or 3 together and you are in for a bad time.
 

auntjemima

Supreme [H]ardness
Joined
Mar 1, 2014
Messages
6,252
Yes, but also this makes it more annoying:

You think you just reinstalled your OS and you are clean? You should probably reload the UEFI firmware as well just to be sure.

Luckily a lot of new servers have separate uefi firmware authentication that is not connected to the host OS. So in that case you shouldn't need to worry about reload the uefi firmware.
Reference your second quote... If I am thinking solely end user, not server side, who doesn't format a drive before installing windows again? The EFI partition is removed in that sense.
 

serpretetsky

[H]ard|Gawd
Joined
Dec 24, 2008
Messages
1,764
Reference your second quote... If I am thinking solely end user, not server side, who doesn't format a drive before installing windows again? The EFI partition is removed in that sense.
This in reference to the UEFI firmware on the motherboard, not on the drive. It's typically stored in nor flash spi memory. ( same as bios before it was replaced by uefi)

edit: I read it again and it's actually not clear to me what they are referring to. If it is indeed the boot code on the drive then I agree with you; who cares? If it is the uefi fw on the board then that's certainly more annoying.
 

Shoganai

Gawd
Joined
Dec 5, 2018
Messages
718
This in reference to the UEFI firmware on the motherboard, not on the drive. It's typically stored in nor flash spi memory. ( same as bios before it was replaced by uefi)

edit: I read it again and it's actually not clear to me what they are referring to. If it is indeed the boot code on the drive then I agree with you; who cares? If it is the uefi fw on the board then that's certainly more annoying.
They're referring to the firmware. It's a boot loader vulnerability, hence the name.
 

Ready4Dis

[H]ard|Gawd
Joined
Nov 4, 2015
Messages
1,716
They're referring to the firmware. It's a boot loader vulnerability, hence the name.
You said 2 opposing things and then made it seem like it was clear... A boot loader is typically on disk (I've written custom bootloader's for PCs, so I'm familiar with the term)... UEFI firmware is something else but is slightly more complex than a normal bios, so it can also handle part of the responsibility of the bootloader. It's not as ambiguous as it used to be. So saying bootloader doesn't really narrow it down.
 

Shoganai

Gawd
Joined
Dec 5, 2018
Messages
718
You said 2 opposing things and then made it seem like it was clear... A boot loader is typically on disk (I've written custom bootloader's for PCs, so I'm familiar with the term)... UEFI firmware is something else but is slightly more complex than a normal bios, so it can also handle part of the responsibility of the bootloader. It's not as ambiguous as it used to be. So saying bootloader doesn't really narrow it down.
It's referring to secure boot.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,784
It’s talking about a flaw in the way GRUB2 parses its unsigned config file that can lead to a buffer overflow. A modified config file could contain malicious code that would be executed despite secure boot being enabled.

it has nothing to do with placing code in the firmware, or even the EFI partition (except that the GRUB config file may be on there).
 

Mazzspeed

2[H]4U
Joined
Dec 27, 2017
Messages
2,652
You think you just reinstalled your OS and you are clean? You should probably reload the UEFI firmware as well just to be sure.

Luckily a lot of new servers have separate uefi firmware authentication that is not connected to the host OS. So in that case you shouldn't need to worry about reload the uefi firmware.
I eliminated that problem, I use an LGA1366 based system running an actual BIOS as opposed to UEFI.
 

seanreisk

[H]ard|Gawd
Joined
Aug 29, 2011
Messages
1,506
Everyone has a boothole.

This is why strip clubs do not allow physical access.
I am imagining a darkened club with a big sandbox next to a stage, and a bunch of unattractive businessmen sitting in it, masturbating, while a stripper on stage spins on a pole.


-- I don't wish for money or fame or good looks in my next life. In my next life I just want a different imagination.
 

PhaseNoise

2[H]4U
Joined
May 11, 2005
Messages
2,872
I am imagining a darkened club with a big sandbox next to a stage, and a bunch of unattractive businessmen sitting in it, masturbating, while a stripper on stage spins on a pole.


-- I don't wish for money or fame or good looks in my next life. In my next life I just want a different imagination.
You really should RMA that imagination.
 

Krenum

[H]F Junkie
Joined
Apr 29, 2005
Messages
15,972
Yeah those butthole vulnerability impacts can be rough, especially when revealed.
 

seanreisk

[H]ard|Gawd
Joined
Aug 29, 2011
Messages
1,506
You really should RMA that imagination.
I would if I was guaranteed to get a new one. But I'd probably get a refurbished imagination sent in by some other freak. Which means that they would refurbish the imagination that I sent in and then send it back out to someone else, and there's a chance that I would run into that person in the future. And if you've been able to follow along with this line of thought, you've already realized that meeting your own refurbished imagination would be too weird.

Btw, I forgot a whole sentence in my previous post. What I meant to say was, "They'd allow physical access if it could be kept in a secure sandbox. But I am imagining a darkened club with a big sandbox next to a stage, and a bunch of unattractive businessmen sitting in it, masturbating, while a stripper on stage spins on a pole."

Having to explain your weird comments is weird, btw.


P.S. Working hard to derail this thread in the worst way possible, and I'm succeeding like Pumbaa in a mudhole. Hakuna Matata, bitches, they call me 'Mr. Pig.'
 

RPKYGK

Weaksauce
Joined
Jan 1, 2018
Messages
74
I always like to imagine how disappointed a hacker might be if they got into my system and discovered I don't have anytihng.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,784
I always like to imagine how disappointed a hacker might be if they got into my system and discovered I don't have anytihng.
They’re not always after your into. Some want your hardware to mine crypto, serve as a mail bot, or just sit there doing it’s part to help DDoS a more valuable target.
 

Mazzspeed

2[H]4U
Joined
Dec 27, 2017
Messages
2,652
Similar here (see 775 system in sig), I love all of my old outdated junk!
It's not really outdated when it still achieves the task it was designed to do just fine. There's plenty of modern entry level PC's/laptop's out there that struggle to achieve the task they're marketed towards, such devices should really be illegal to sell.
 

70 Polara

Limp Gawd
Joined
Jul 31, 2004
Messages
198
It's not really outdated when it still achieves the task it was designed to do just fine. There's plenty of modern entry level PC's/laptop's out there that struggle to achieve the task they're marketed towards, such devices should really be illegal to sell.
No doubt on the low end junk they still sell, or machines I have seen recently still coming with 2GB and full blown Windows 10! WTF? Or machines coming with 32GB SSDs that can't even upgrade Windows 10 versions.....really WTF?

Anyways, my system in sig literally cost me less then $80 to piece together and amazes me what it's capable of. Currently playing through Metro Exodus Sam's Story and it runs just fine and I'm enjoying the game. 775 and 1366 forever.

It seems to me most of these new features such as UEFI or Intel ME sold as 'security' that just make it harder to make things 'just work' always end coming up short.
 

trent51

n00b
Joined
Jul 29, 2020
Messages
18
The thing about all these vulnerability discoveries is they seem to only pose a realistic threat to server farms and corporations. Yet, the patches are applied to everyone, including end users at home, such that everyone's performance is degraded.
 

Red Falcon

[H]F Junkie
Joined
May 7, 2007
Messages
10,553
The thing about all these vulnerability discoveries is they seem to only pose a realistic threat to server farms and corporations. Yet, the patches are applied to everyone, including end users at home, such that everyone's performance is degraded.
This isn't going to be an Intel CPU hardware patch, it is going to be a fix on permissions on a config file on the boot partition - shouldn't see any difference in performance afterwards.
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
2,408
I wonder if this exploit would affect a VM in the same way it would a physical machine.
 
Top