/tech/ - Tech

GRUB2 pwned through UEFI exploit Comrade 07/30/2020 (Thu) 07:02:03 No. 3737
Yet another gaping security flaw has been found in the Microsoft Trojan Horse replacement for BIOS known as UEFI. This one affects GRUB2 bootloaders in particular. https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.
Can you give a practical summary for us jocks? Half the time I hear about such vulnerabilities it turns out the attacker needs physical access to your machine and 3 inches of his dick in your mouth as a prerequisite to the exploit. Do normies actually need to worry about this?
>>3738 Basically this vulnerability requires root / admin access to access the grub.cfg file located in the EFI System Partition, which means the attacker must first gain a foothold on the system and escalate privileges (physical access also works). The vuln only helps with persistence across system reboots, so it’s unnecessary — and perilously noisy — for attackers to employ this if they already have root on a system that never reboots. In other words, protect your system from privilege escalation attacks and prevent evil maids in hotel rooms from physically accessing your machine and you protect yourself from this. Also you should laugh at anyone who has ever relied upon Secure Boot to protect themselves, a "feature" that has been broken by design since its inception.
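Since the reply above puts the whole attack on a root-level edit of grub.cfg in the EFI System Partition, a defender's check is to baseline the watched files under the ESP mount and flag any later change. This is an added example, not code from the thread or from Eclypsium; the ESP path, the distro subdirectory name and the sample config contents are constructed.

```python
import hashlib
import os
import tempfile

# Files a bootkit planted via this bug would have to touch: the GRUB config,
# plus any EFI binary, under the ESP mount point (assumed /boot/efi on real hosts).
WATCHED_NAMES = ("grub.cfg",)
WATCHED_SUFFIXES = (".efi",)


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(esp_root):
    """Map ESP-relative path (with '/' separators) -> SHA-256 of each watched file."""
    baseline = {}
    for dirpath, _, names in os.walk(esp_root):
        for name in names:
            if name in WATCHED_NAMES or name.lower().endswith(WATCHED_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, esp_root).replace(os.sep, "/")
                baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Return (added, removed, modified) relative paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed ESP layout: a later edit to grub.cfg shows up as 'modified'."""
    with tempfile.TemporaryDirectory() as esp:
        cfg = os.path.join(esp, "EFI", "ubuntu", "grub.cfg")  # constructed path
        os.makedirs(os.path.dirname(cfg))
        with open(cfg, "w") as f:
            f.write("search.fs_uuid 1234-ABCD root\nset prefix=($root)/boot/grub\n")
        baseline = build_baseline(esp)
        with open(cfg, "a") as f:  # simulate an edit made after root was obtained
            f.write("# unexpected edit\n")
        return compare(baseline, build_baseline(esp))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", added, "removed:", removed, "modified:", modified)
```

The baseline only means something if it is stored where the same root account cannot rewrite it (off-box, or in a read-only location), and a change is worth checking even when a package update is the likely cause.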
>>3738 It has a catchy name and a logo, which means it is scary.
>>3739 >Basically this vulnerability requires root / admin access You're already beyond fucked at that point anyway. There are more important vulns discovered all the time that either escalate the privileges or gain access to the system over the network in the first place. But most of them are so specific that there's very little chance you'll get hit if you update your system, even if it takes a month for the fix to arrive in your repos.
>>3744 Why is everything so commodified and branded that even something as obscure and technical as security vulnerabilities gets flashy logos, graphic design and a name that sounds like it was created by a marketing focus group? It's just ridiculous.
>>4053 It was created by a marketing focus group. It's advertisement for the business that found it.