Cryptsetup Vulnerability Allows Easily Getting To A Root Shell
CVE-2016-4484 was disclosed on Monday as a Cryptsetup initramfs issue that lets anyone with physical access to the keyboard gain a root initramfs shell on affected systems in a little over one minute, simply by holding down the Enter key.
This Cryptsetup vulnerability is widespread and easy to exploit: it only requires submitting a large number of invalid passphrases before the boot process drops into a root shell. The data on the LUKS-encrypted volume remains encrypted (no passphrase or key is recovered), but the attacker has a root shell in the initramfs, with raw access to the disk and the hardware. The disclosure reads, "This vulnerability allows one to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard and/or a mouse."
The fault comes from incorrect handling of the passphrase retry limit: the initramfs script counts failed unlock attempts and, once that limit is exceeded, gives up and exits instead of halting, so the boot proceeds into the initramfs fallback shell, which runs as root. To exploit it, simply hold down the Enter key at the LUKS passphrase prompt for about 70 seconds; each empty passphrase counts as a failed attempt, and once the limit is exhausted the initramfs shell appears.
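The following is an added example, not the Debian cryptsetup/initramfs script itself: a constructed POSIX shell model of the retry loop described above, with the flawed shape (exhausting the limit exits into what the initramfs turns into a root shell) beside a hardened shape that halts instead. The retry limit, the stand-in passphrase and the typed answers are all made-up test values; `try_unlock` is a placeholder for running `cryptsetup luksOpen`.

```shell
#!/bin/sh
# Constructed model of the retry logic behind CVE-2016-4484 (added example,
# not the Debian cryptsetup/initramfs script itself). The limit, the
# passphrase and the typed answers below are all made-up test values.

CORRECT_PASSPHRASE="correct-horse"   # assumption: stand-in for the real LUKS passphrase

# try_unlock ANSWER: stand-in for running `cryptsetup luksOpen` with ANSWER.
# Succeeds (status 0) only for the right passphrase; a bare Enter is "".
try_unlock() {
    [ "$1" = "$CORRECT_PASSPHRASE" ]
}

# unlock_vulnerable LIMIT ANSWER...: the flawed shape. Every argument is one
# answer typed at the prompt. After LIMIT failures the script gives up and
# exits; in the initramfs that exit path lands in the BusyBox fallback shell,
# which runs as root. Prints the outcome so the caller can inspect it.
unlock_vulnerable() {
    limit=$1; shift
    tries=0
    for answer in "$@"; do
        if try_unlock "$answer"; then
            echo "unlocked"
            return 0
        fi
        tries=$((tries + 1))
        if [ "$tries" -ge "$limit" ]; then
            # Modelled as a string here; the real consequence was an exit
            # that the initramfs turned into an interactive root shell.
            echo "root-shell"
            return 0
        fi
    done
    echo "still-prompting"   # fewer than LIMIT failures so far
}

# unlock_hardened LIMIT ANSWER...: same loop, but exhausting the limit never
# hands the console to a shell. Modelled as a halt (assumption about the
# remediation: a real initramfs would reboot or power off at this point).
# Empty answers still count as failures, so holding Enter gains no shell.
unlock_hardened() {
    limit=$1; shift
    tries=0
    for answer in "$@"; do
        if try_unlock "$answer"; then
            echo "unlocked"
            return 0
        fi
        tries=$((tries + 1))
        if [ "$tries" -ge "$limit" ]; then
            echo "halted"
            return 0
        fi
    done
    echo "still-prompting"
}

# Simulate an attacker holding Enter: three empty answers against a limit of 3.
echo "vulnerable script: $(unlock_vulnerable 3 '' '' '')"
echo "hardened script:   $(unlock_hardened 3 '' '' '')"
```

The point of the comparison is the branch taken when the counter reaches the limit: the vulnerable shape treats "too many failures" as an ordinary error exit, and an initramfs that drops to a shell on any error turns that into a root prompt; the hardened shape treats it as a terminal condition that never reaches a shell.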
More details via this report.