Encrypted Linux Systems Affected By Boot Process Vulnerability

Early last week a potentially serious vulnerability (assigned CVE-2016-4484 (defined)) within the Linux boot sequence was disclosed by security researchers at the DeepSec conference in Vienna.

Why Should This Issue Be Considered Important?
This is an elevation of privilege (defined) vulnerability that when exploited can result in an attacker obtaining root (defined) level access over your Linux system. It can be exploited by continually pressing the Enter key at the LUKS (Linux Unified Key Setup) password prompt. According to the researchers Hector Marco & Ismael Ripoll after approximately 70 seconds a new root shell (defined) will appear.

With this shell the attacker can delete all of information on the encrypted disks the LUKS prompt is designed to protect. This could also be used to copy the encrypted information to another location to attempt to brute force (defined) it. This also applies to any unencrypted information on the disk. Finally it could be used to elevate privileges from a standard user by storing an executable file with the SetUID bit enabled.

Interestingly this issue can only occur if the system partition is encrypted. At least Debian and Ubuntu distributions are vulnerable to this issue. Others may be too but the researchers have not exhaustively tested them.

Further details of this issue are provided within the researcher’s blog post.

How Can I Protect Myself From This Issue?
The researchers have provided a workaround and have proposed a more permanent fix within their blog post. It involves editing the cryptroot file so that the computer simply reboots when the number of password guesses reaches the limit.

If you are a Linux system administrator or know someone who is, this issue and it’s fix may be of interest. Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s