GamersRoost

I'll just leave this here.... Linux users - UPDATE GRUB

12 posts in this topic

http://thehackernews.com/2015/12/hack-linux-grub-password.html

So what would anyone need to bypass password protection on your computer?

 
It just needs to hit the backspace key 28 times, for at least the computer running Linux operating system.

Wait, what?

A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during boot-up just by pressing the backspace key 28 times.

This time, the issue is neither in a kernel nor in an operating system itself, but rather the vulnerability actually resides in Grub2, the popular Grand Unified Bootloader, which is used by most Linux systems to boot the operating system when the PC starts.

The source of the vulnerability is nothing but an integer underflow fault that was introduced with a single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password_get() function.
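Added example, not part of the original post and not GRUB's source: a simplified model of the bug class the quoted article names, where a backspace handler decrements an unsigned length counter without first checking that it is above zero. The names `read_line`, `struct result` and `BUF_SIZE` are hypothetical, and the model only tracks the counter; it never writes through a wrapped index.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32            /* constructed size, not GRUB's */

struct result {
    unsigned cur_len;          /* length counter after the last key */
    int wrapped;               /* 1 if the counter was decremented at zero */
    char buf[BUF_SIZE];        /* text accepted into the buffer */
};

/* Feed `keys` to a toy line editor. guard=0 models a backspace handler
   that decrements unconditionally; guard=1 decrements only if cur_len > 0. */
static struct result read_line(const char *keys, int guard)
{
    struct result r;
    memset(&r, 0, sizeof r);
    for (const char *k = keys; *k != '\0' && *k != '\n'; k++) {
        if (*k == '\b') {
            if (guard && r.cur_len == 0)
                continue;                  /* nothing to erase */
            if (r.cur_len == 0)
                r.wrapped = 1;             /* 0 - 1 wraps to UINT_MAX */
            r.cur_len--;
            if (r.cur_len < BUF_SIZE)      /* model: skip out-of-range writes */
                r.buf[r.cur_len] = '\0';
            continue;
        }
        if (r.cur_len < BUF_SIZE - 1)      /* false once the counter wrapped */
            r.buf[r.cur_len++] = *k;
    }
    return r;
}

int main(void)
{
    const char *keys = "\b\bab\bc\n";      /* constructed key sequence */
    struct result bad = read_line(keys, 0);
    struct result ok = read_line(keys, 1);
    printf("unguarded: cur_len=%u wrapped=%d\n", bad.cur_len, bad.wrapped);
    printf("guarded:   cur_len=%u wrapped=%d buf=\"%s\"\n",
           ok.cur_len, ok.wrapped, ok.buf);
    return 0;
}
```

With the guard in place the counter stays at zero on an empty buffer, so every later index derived from it remains inside the buffer.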
 

3 hours ago, Taylor Swift said:

How does this affect Exile? lol :S

To more accurately respond to your question..

If you can access a login from a remote location, then hitting backspace 28 times could grant someone access to your server. Your exile server. So does it affect Exile? I don't know, I use Windows.

I put this for you guys as a heads up. Maybe it would be best if I asked a mod to delete the post? I was trying to be helpful, but apparently you seem to think the info is useless. lol :S

25 minutes ago, GamersRoost said:

To more accurately respond to your question..

If you can access a login from a remote location, then hitting backspace 28 times could grant someone access to your server. Your exile server. So does it affect Exile? I don't know, I use Windows.

I put this for you guys as a heads up. Maybe it would be best if I asked a mod to delete the post? I was trying to be helpful, but apparently you seem to think the info is useless. lol :S

Nope, useful to be aware of. However I can't see this being very true. A MAJOR OS such as Linux would have fixed this issue before this post was even seen by anybody else :)


GRUB is a multi-OS launcher (like LILO) and this security hole, while severe, probably won't be an issue to most Exile Linux admins. Thanks for the heads up though.


I can't see Linux releasing this information if it was a major threat. There has to be something else to it. :)

3 minutes ago, Tobias Solem said:

GRUB is a multi-OS launcher (like LILO) and this security hole, while severe, probably won't be an issue to most Exile Linux admins. Thanks for the heads up though.

It's a community, man. Just tryin to do my part. I realize that about 80% of the people that "code" these servers (all gaming servers) are not IT professionals in their everyday, so stories like this may seem frivolous.

I am an MCITP and run a Service Desk for a major University here in the US. I figured at the very least, mention it to the Linux users here. I don't know Linux, but I know the Linux Ops teams are patching like mad right now.

Thanks for the info too, seems it really won't affect the server operators that use Linux for Exile.

Cheers,

Josh


To use grub you have to have local access, everyone is using ssh over the Internet ??
