Servers at risk from “BootHole” bug – what you need to know
2020-07-30 15:35

The good news for most of us is that BootHole relies on a bug in a bootloader program known as GRUB, short for Grand Unified Boot Loader, which is rarely found on Windows or Mac computers.

The BootHole vulnerability is a parsing error in the GRUB bootloader that leads to a buffer overflow while the configuration file is being read in.

Apparently, Eclypsium's bug report prompted not just a bug fix in GRUB but a code review looking for other similar coding errors, given the extra severity of buffer overflows in the bootloader world.

As a commenter pointed out, an attacker with physical access to your laptops or servers could, if booting from external devices is enabled, use a "pre-infected" Linux USB drive - one rigged out with a booby-trapped GRUB setup - as a way to run unsigned bootloader code on, say, a Windows computer.

These updates often take a long time to show up because all bootloaders ever signed with the key being retired need to be re-signed and re-issued first, even those with no bugs that would not otherwise need updating.


News URL

https://nakedsecurity.sophos.com/2020/07/30/servers-at-risk-from-boothole-bug-what-you-need-to-know/