
I've been reading this. Apparently I would gain root access if I hold down enter (somewhere) for 70 seconds. I tried it on a password prompt but it gave me like 3 attempts and stopped. I tried it on a tty but it didn't work either. Am I not vulnerable or am I doing it wrong?

842Mono
  • Do you have a LUKS encrypted disk? – muru Nov 20 '16 at 16:40
  • I don't think so. I didn't really know what that is. (I googled it now quickly) @muru – 842Mono Nov 20 '16 at 16:43
  • ...so apparently I have to have such an encrypted disk to be vulnerable – 842Mono Nov 20 '16 at 16:44
  • That's the whole point. This vulnerability works on encrypted disks only, which is why this issue is so big – Sergiy Kolodyazhnyy Nov 20 '16 at 16:53
  • Similar to: http://askubuntu.com/questions/851064/is-there-a-way-to-check-if-the-cryptsetup-vulnerability-patch-is-already-install and its original duplicate: http://askubuntu.com/questions/563408/how-can-i-tell-if-a-cve-has-been-fixed-in-ubuntus-repositories – WinEunuuchs2Unix Nov 20 '16 at 17:09

1 Answer


See the security website from Canonical on this. All releases have a "needed" so there is no fix yet for them.

So if you match the conditions for this bug you can be affected. For one, you need to be using Linux Unified Key Setup (LUKS), cryptsetup. So your partition needs to be using encryption. If you do not ... you do not have a problem. (More info at hmarco.org)

The fix is rather easy, just run these commands to add the panic parameter to your boot configuration:

sudo sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
sudo grub-install

panic=5 to your options preventing this problem. This is the number of seconds you want to initiate the reboot after the panic. Adding the panic parameter to the kernel entry in the grub configuration will prevent a shell.

David Foerster
Rinzwind
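A way to check the two conditions the answer names (a LUKS volume present, and a panic= reboot timeout on the kernel command line), as an added example that is not part of the original answer. The function names and verdict strings are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: sample data below is constructed, names are hypothetical.

# has_luks FSTYPES: succeeds if any line is exactly crypto_LUKS.
# FSTYPES is the output of: lsblk -rno FSTYPE
has_luks() {
    printf '%s\n' "$1" | grep -qx 'crypto_LUKS'
}

# panic_timeout CMDLINE: prints the value of the last panic=N token, if any.
panic_timeout() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed -n 's/^panic=//p' | tail -n 1
}

# assess FSTYPES CMDLINE: prints no-luks, no-panic-reboot or panic-reboot.
# Kernel semantics: panic=0 waits forever, N>0 reboots after N seconds,
# N<0 reboots immediately.
assess() {
    has_luks "$1" || { echo "no-luks"; return 0; }
    t=$(panic_timeout "$2")
    t=${t#-}
    case "$t" in
        ''|*[!0-9]*) echo "no-panic-reboot" ;;
        *) if [ "$t" -eq 0 ]; then echo "no-panic-reboot"
           else echo "panic-reboot"; fi ;;
    esac
}

# Constructed samples (not taken from a real machine).
FS_LUKS='ext4
crypto_LUKS
LVM2_member'
FS_PLAIN='ext4
swap'
CMD_PLAIN='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet splash'
CMD_PANIC='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro panic=5 quiet splash'

assess "$FS_PLAIN" "$CMD_PLAIN"   # no-luks
assess "$FS_LUKS" "$CMD_PLAIN"    # no-panic-reboot
assess "$FS_LUKS" "$CMD_PANIC"    # panic-reboot

# On a real system:
#   assess "$(lsblk -rno FSTYPE)" "$(cat /proc/cmdline)"
```

The check reads the running kernel's command line rather than /etc/default/grub, because an edit to that file only takes effect once grub.cfg has been regenerated (update-grub on Ubuntu) and the machine has been rebooted.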