1

The following site brought a question to mind. Go there and read the article.
They basically say that it's possible to bypass my cryptsetup password on my ubuntu version by holding down the Enter key for 70 seconds.

If this would be true, it would cause me some concern. I believed that linux OS has a good deal of security.

This vulnerability allows one to obtain a root initramfs shell on affected systems

Has anyone ever heard of this?

And, if yes - I know that it's from november 2016.

These researchers are offering a "fix". What do you think?

Thomas Ward
  • 74,764
encrypted
  • 11
  • Note that Mint is offtopic here; we can't validate if Mint is patched for this or not. – Thomas Ward Feb 26 '17 at 03:18
  • “Has anyone ever heard of this?” Yes. “What do you think?” Our personal thoughts and opinions are off topic on AskUbuntu. If you want to know more about the vulnerability, its state in Ubuntu and a work-around see the linked question. I'm voting to keep this closed. – David Foerster Feb 26 '17 at 08:08

1 Answers1

0

This CVE-2016-4484 issue was reported a while back which allowed any debian or redhat based distro to be hacked just by pressing the enter key for 60-70 secs.

The issue is similar to many other similar way you can gain access to login shell during boot process which is why they marked it low priority here https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1660701

I think the vulnerability is patched as the hacker gave an detailed description of his work and where the vulnerability is exactly so you don't have to worry. I think they released a patch but i'm not sure as i don't quite remember but as long as the issue is concerned its way below critical to be start panicking about as there are more similar bugs out there.

Suraj Mandal
  • 324