Welcome Guest | Sign In
ECTNews.com
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider
Discussions

LinuxInsider Talkback

 
ECT News Community   »   LinuxInsider Talkback   »   Re: Backspace Flaw Enables Linux Zero-Day Attack



Re: Backspace Flaw Enables Linux Zero-Day Attack
Posted by: Richard Adhikari 2015-12-28 16:51:25
See Full Story

Researchers last week revealed a zero-day flaw that lets attackers take over a Linux system by pressing the backspace key repeatedly. Pressing backspace 17 to 20 times will overwrite the highest byte of the return address of the grub_memset() function, ultimately causing a reboot by redirecting control flow to the 0x00eb53e8 address, according to the Cybersecurity Group at the Universitat Politecnica de Valencia. The flaw is in Grub v 1.98 and later. Grub is the bootloader used by most Linux systems, including some embedded systems.


Re: Backspace Flaw Enables Linux Zero-Day Attack
Posted by: Dave_B 2015-12-29 11:45:03 In reply to: Richard Adhikari
There's been a lot made of this in the media as there always is when it's a Linux vulnerability, but this needs to be seen in context.
This flaw can only be used to attack a system if the attacker has "hands-on" access to the computer. It cannot be used remotely.
Any computer, regardless of OS, is vulnerable if someone gets physical access. I've demonstrated this point time after time by booting up on external media and getting access to the existing OS.
Any Linux OS can do this. Most "recovery" disks or sticks use Linux to do exactly this.
It's something that needed fixing but frankly the "Zero-Day Attack" headlines are way over the top in my opinion.
Jump to:
When considering a new smartwatch, which feature set is most important to you?
Alerts and Notifications
Calls and Messaging
Clock and Time Tracking
Contactless Payments and Banking
Design and Personalization
GPS and Maps
Health and Fitness
Music and Video