Saturday 26 November 2016

Linux Root Shell access By Pressing 'ENTER'

A hacker with little more than a minute can bypass the authentication procedure on some Linux systems just by holding down the Enter key for around 70 seconds.
The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over an encrypted Linux machine.
The security issue stems from a vulnerability (CVE-2016-4484) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS), the standard implementation of disk encryption on Linux-based operating systems.
The flaw lies in the way the Cryptsetup utility handles password failures during the decryption process when a system boots, which lets a user retry the password multiple times.
What's even worse? Once the user has exhausted all 93 password attempts, the user is dropped to a shell (BusyBox in Ubuntu) that has root privileges.
In other words, if you enter a blank password 93 times, or simply hold down the 'Enter' key for roughly 70 seconds, you will gain access to a root initramfs (initial RAM file system) shell.


Once the root shell on a target Linux machine has been obtained, an attacker can copy, modify or destroy the hard disk, or use the network to exfiltrate data.

Vulnerability can also be Exploited Remotely

The flaw, discovered by Spanish security researchers Hector Marco and Ismael Ripoll, affects almost all Linux distributions, including Debian, Ubuntu, Fedora, Red Hat Enterprise Linux (RHEL), and SUSE Linux Enterprise Server (SLES), which potentially puts millions of users at risk.


However, you might be thinking that exploiting this flaw is only possible with physical access to the target system. True, but exploiting the flaw remotely is also possible.

If you use cloud-based services that run Linux, you can remotely exploit this vulnerability without having 'physical access.'

Here's How to Fix the Security Issue:

Fortunately, the vulnerability is incredibly easy to fix.

First of all, press the Enter key for about 70 seconds at the LUKS password prompt until a shell appears, just in order to see if your system is vulnerable.

If it is vulnerable, check with your Linux distribution's support vendor to find out whether a patch is available.

If a patch is not available, the issue can be fixed by modifying the cryptroot file so that the boot sequence stops once the number of password attempts has been exhausted, instead of dropping to a shell. For this, add the panic=5 kernel parameter to your boot configuration with the following commands:

# Prepend panic=5 to the default kernel command line, then reinstall GRUB so the change takes effect
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
grub-install

Since a patch is already available, make sure that you are always using the most recent package versions and an up-to-date operating system.
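The one-line sed above inserts panic=5 every time it is run, so a second run leaves the option duplicated, and it gives no way to confirm that the running kernel actually booted with it. The following script is an added example, not part of the original article or the researchers' advisory: it applies the same panic= mitigation idempotently to a grub defaults file (the path is a parameter so it can be exercised on a copy) and checks a kernel command line, such as the contents of /proc/cmdline, for a panic= option. The function names are my own.

```shell
#!/bin/sh
# Added example: idempotent panic=<seconds> hardening for /etc/default/grub,
# plus a check of a kernel command line for the option. After changing the
# defaults file, regenerate the boot configuration as the article describes.

# Return 0 if the given kernel command line carries a panic=<seconds> option.
cmdline_has_panic() {
    # $1: command line string, e.g. "$(cat /proc/cmdline)"
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])panic=[0-9]+([[:space:]]|$)'
}

# Print the value of GRUB_CMDLINE_LINUX_DEFAULT from grub defaults file $1.
grub_default_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"$/\1/p' "$1"
}

# Ensure GRUB_CMDLINE_LINUX_DEFAULT in file $1 contains panic=$2 (default 5).
# Unlike a plain sed insert, running this twice does not duplicate the option,
# and an empty default line does not end up with a trailing space.
add_panic_to_grub_defaults() {
    file=$1
    secs=${2:-5}
    current=$(grub_default_cmdline "$file")
    if cmdline_has_panic "$current"; then
        return 0                      # already hardened, nothing to do
    fi
    new="panic=$secs${current:+ $current}"
    if grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' "$file"; then
        sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$new\"|" "$file"
    else
        printf 'GRUB_CMDLINE_LINUX_DEFAULT="%s"\n' "$new" >> "$file"
    fi
}

# Demo on a constructed copy of a defaults file (never on the live system file).
tmp=$(mktemp)
printf 'GRUB_TIMEOUT=5\nGRUB_CMDLINE_LINUX_DEFAULT="quiet splash"\n' > "$tmp"
add_panic_to_grub_defaults "$tmp"
add_panic_to_grub_defaults "$tmp"     # second run is a no-op
grub_default_cmdline "$tmp"           # prints: panic=5 quiet splash
rm -f "$tmp"
```

On a live system, `cmdline_has_panic "$(cat /proc/cmdline)"` tells you whether the kernel you are currently running booted with the option, which is the state that matters after the next reboot.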
