The Debian initrd script for the cryptsetup package 2:1.7.3-2 and previous versions allows physically proximate malicious users to gain shell access via many login attempts with an invalid password.
Vulnerable Product |
---|
cryptsetup project cryptsetup |
Bad LUKS strikes Penguinistas
Attackers with a little more than a minute to spare can get their foot in the door on Linux boxes by holding down the Enter key for 70 seconds – an act that gifts them a root initramfs shell. The simple exploit, which requires physical access to the system, exists due to a bug in the Linux Unified Key Setup (LUKS) used in popular variations of Linux. With access to an initramfs environment shell, an attacker could then attempt to decrypt the encrypted filesystem by brute-force. The attack also...