Linux Security

    BootHole Shows Need for Greater Scrutiny


    Recent BootHole vulnerabilities reconfirm that security functions require additional scrutiny to protect users and systems from dangerous exploits.

     

    The recent BootHole and related vulnerabilities raise the question of whether software used for critical security functions should receive special scrutiny. When a security operation fails, the ramifications are considerable, especially when the security process is widely distributed. Heartbleed, a critical vulnerability found in the OpenSSL library, is one example, and BootHole is the most recent.

    The BootHole vulnerability was discovered by Eclypsium in April 2020 but was not disclosed until July 28. It took nearly four months to remediate because many stakeholders were involved. The Eclypsium researchers found a buffer overflow in GRUB2 (GRand Unified Bootloader version 2), which is the default bootloader in most Linux OS distributions. Gaining control of a bootloader is an ultimate prize for attackers (and their malware) because it provides persistent access to a device.
