A worryingly simple security flaw in the Grub2 bootloader, which most Linux distributions ship, has been discovered by the Cybersecurity Group at the Polytechnic University of Valencia.
At Grub's own username prompt (the password protection some systems place on the bootloader, not the operating system's login screen), an attacker simply needs to press backspace 28 times to corrupt the bootloader's memory and bypass the authentication check entirely.
The flaw drops the attacker into the Grub rescue shell, which is enough to mount a range of further attacks. From there an attacker could load a customised Linux kernel and use it to copy the full disk or install a rootkit. Data can also be destroyed, including Grub itself; full-disk encryption protects the confidentiality of the data, but it does not stop an attacker from overwriting the encrypted disk.
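To make the trigger concrete, here is a small C re-creation of the kind of prompt loop behind this bug, written for this article and not taken from GRUB's source. It assumes GRUB's 1024-byte login buffer and 32-bit arithmetic (GRUB's i386-pc build is 32-bit code), simulates the keyboard with a string, and, rather than performing the out-of-bounds write, reports where the trailing buffer clear would land; the patched variant applies the upstream fix of ignoring backspace at an empty prompt. The function and struct names are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 1024u   /* size of the login buffer assumed here */

/* Outcome of one prompt round: the counter at the end and the region the
 * trailing memset-style clear would target, relative to buf. */
struct prompt_result {
    uint32_t cur_len;
    int32_t  clear_offset;   /* start of the clear, as a signed offset from buf */
    uint32_t clear_len;      /* number of bytes the clear would zero */
};

static int is_print(int c) { return c >= ' ' && c <= '~'; }

/* Shared prompt loop. With floor_backspace == 0 it mirrors the vulnerable
 * pattern: backspace decrements an unsigned counter unconditionally, so at
 * an empty prompt cur_len wraps to 0xFFFFFFFF. With floor_backspace != 0 it
 * applies the fix: backspace only acts when cur_len > 0. */
static struct prompt_result prompt(const char *keys, char *buf,
                                   uint32_t buf_size, int floor_backspace)
{
    uint32_t cur_len = 0;
    struct prompt_result r;

    for (const char *k = keys; *k; k++) {
        int key = (unsigned char)*k;
        if (key == '\n' || key == '\r')
            break;
        if (key == 0x1b) {            /* Escape aborts the prompt */
            cur_len = 0;
            break;
        }
        if (key == '\b') {
            if (!floor_backspace)
                cur_len--;            /* BUG: underflows when cur_len == 0 */
            else if (cur_len > 0)
                cur_len--;            /* FIX: never go below zero */
            continue;
        }
        if (!is_print(key))
            continue;
        /* cur_len < buf_size is a demo-only guard so a printable key typed
         * after an underflow cannot write outside buf in this program. */
        if (cur_len + 2 < buf_size && cur_len < buf_size)
            buf[cur_len++] = (char)key;
    }

    /* The real code ends by clearing buf + cur_len for buf_size - cur_len
     * bytes. Both operands are 32-bit, so after 28 backspaces the start lands
     * 28 bytes *before* buf and the length wraps to buf_size + 28. The demo
     * only performs the clear when it is in bounds. */
    r.cur_len      = cur_len;
    r.clear_offset = (int32_t)cur_len;
    r.clear_len    = buf_size - cur_len;
    if (r.clear_offset >= 0 && (uint32_t)r.clear_offset <= buf_size)
        memset(buf + r.clear_offset, 0, r.clear_len);
    return r;
}

/* Feed n backspaces then Enter into the vulnerable (fixed == 0) or patched
 * (fixed != 0) prompt and report where the trailing clear would write. */
struct prompt_result simulate_backspaces(int n, int fixed)
{
    char keys[64];
    char buf[BUF_SIZE];

    if (n < 0) n = 0;
    if (n > 62) n = 62;
    memset(keys, '\b', (size_t)n);
    keys[n] = '\n';
    keys[n + 1] = '\0';
    memset(buf, 'A', sizeof buf);        /* constructed stale buffer contents */
    return prompt(keys, buf, BUF_SIZE, fixed);
}

/* Same for an ordinary typed name, to show the in-bounds case. */
struct prompt_result simulate_name(const char *name, int fixed)
{
    char buf[BUF_SIZE];
    memset(buf, 0, sizeof buf);
    return prompt(name, buf, BUF_SIZE, fixed);
}

int main(void)
{
    struct prompt_result v = simulate_backspaces(28, 0);
    struct prompt_result f = simulate_backspaces(28, 1);
    printf("vulnerable: cur_len=0x%08x, clear starts at buf%+d, length %u\n",
           (unsigned)v.cur_len, (int)v.clear_offset, (unsigned)v.clear_len);
    printf("fixed:      cur_len=0x%08x, clear starts at buf%+d, length %u\n",
           (unsigned)f.cur_len, (int)f.clear_offset, (unsigned)f.clear_len);
    return 0;
}
```

Build with `cc -std=c99 -o prompt prompt.c` and run it: the vulnerable path reports a clear starting 28 bytes before the buffer and 1052 bytes long, so zeros are written into the stack memory just below the buffer rather than into the buffer alone; the fixed path reports an in-bounds clear of the whole 1024-byte buffer. A stack protector would notice the damaged frame on return, which is the kind of long-available mitigation the researchers say would have stopped the exploit.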
“The successful exploitation of the vulnerability has been possible because we made a very deep analysis of all components involved in this bug,” explains Hector Marco from the Cybersecurity Group. “As can be seen, the successful exploitation depends on many things: the BIOS version, the GRUB version, the amount of RAM, and whatever modifies the memory layout. And each system requires a deep analysis to build the specific exploit.”
Although the bug is relatively limited, in that an attacker needs physical access to the machine, it is worrying because it could so easily have been prevented: exploit mitigations such as stack cookies, which have been available for many years, would have stopped this flaw from being exploited.
Linux users who are concerned that their distribution is affected (Grub2 versions 1.98 through 2.02 carry the bug) can apply the patch the Cybersecurity Group has released, or check their distribution for an updated Grub2 package that includes the fix.