Patch/Configuration Management, Vulnerability Management

How to bypass Lynix’s Grub2 bootloader (with one key)

The password protection feature on Grub2, a popular bootloader for Linux operating systems, can be bypassed simply by pressing the backspace key 28 times.

The vulnerability, discovered by two researchers at the Polytechnic University of Valencia's (UPV) CyberSecurity Group in Spain, enabled any attacker with physical access to a Linux computer to obtain a Grub rescue shell.

The malicious person only needs to boot the computer from a different operating system to gain the Grub rescue shell, the researchers noted in a blog post. The rescue shell grants elevated privileges to users and can then be used to load malware or to steal and delete data.

Researchers Hector Marco and Ismael Ripoll, demonstrated that the vulnerability can be exploited by APTs (advanced persistent threats) to gain full access to the victim's data remotely.

The researchers also provided instructions for creating an emergency patch to secure bootloader.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.