Linux has serious vulnerability in its GRUB bootloader which could allow hackers to access a locked computer by just typing the backspace key 28 times.
Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.
GRUB, which stands for the Grand Unified Bootloader, is used by most Linux distributions to initialize the operating system when the computer starts. It has a password feature that can restrict access to boot entries, for example on computers with multiple operating systems installed.
The vulnerability, which is tracked as CVE-2015-8370, affects all versions of Grub2 from 1.98, released in December, 2009, to the current 2.02. Ubuntu, Red Hat, Debian and probably other distributions too, have released fixes for this flaw. Users are advised to install any updates they receive for the grub2 package as soon as possible.
Vulnerability in popular bootloader puts locked-down Linux computers at risk | PCWorld
Pressing the backspace key 28 times can bypass the Grub2 bootloader’s password protection and allow a hacker to install malware on a locked-down Linux system.
GRUB, which stands for the Grand Unified Bootloader, is used by most Linux distributions to initialize the operating system when the computer starts. It has a password feature that can restrict access to boot entries, for example on computers with multiple operating systems installed.
The vulnerability, which is tracked as CVE-2015-8370, affects all versions of Grub2 from 1.98, released in December, 2009, to the current 2.02. Ubuntu, Red Hat, Debian and probably other distributions too, have released fixes for this flaw. Users are advised to install any updates they receive for the grub2 package as soon as possible.
Vulnerability in popular bootloader puts locked-down Linux computers at risk | PCWorld