Researchers last week revealed a zero-day flaw that lets attackers take over a Linux system by pressing the backspace key repeatedly. Pressing backspace 17 to 20 times will overwrite the highest byte of the return address of the grub_memset() function, ultimately causing a reboot by redirecting control flow to the 0x00eb53e8 address, according to the Cybersecurity Group at the Universitat Politecnica de Valencia. The flaw is in Grub v 1.98 and later. Grub is the bootloader used by most Linux systems, including some embedded systems.
from TechNewsWorld http://ift.tt/1OpgWFM
No comments:
Post a Comment