A fundamental tenet of system security is that if the bad guys have physical access to your box, all bets are off. However, the problem with this particular bug is that it can also be exploited if you happen to have remote access via a serial console or lights-out management (LOM) card which gives you access to the console at startup. It's quite common in enterprise environments for servers to have LOM cards, so the bug could be exploited via such a mechanism. However, LOM cards typically also provide the ability to mount remote media and manage the hardware of the system; in other words, it's almost as good as physical access to the box, and still way more than enough to compromise the system even if this bug didn't exist.
In short, the bug is definitely something that needs to be fixed, but the only practical way for the bad guys to exploit it would mean that they already have more than enough other (and better) ways to compromise the system, so it really wouldn't matter.