Attackers need just over a minute to gain access to Linux systems by holding down the Enter key for exactly 70 seconds. This particular "hack" does them gift a root initramfs shell.
The simple exploit it exists because of a bug in Linux Unified Key Setup (LUKS) used by popular Linux distributions.
Let's say that with shell access, an attacker could decrypt systems. The attack also works on Linux cloud systems.
Debian and Fedora are two distributions that have been confirmed to be vulnerable to problem.
The problem was identified by Hector Marco, a lecturer at University West of Scotland, along with assistant professor Ismael Ripoll from the Polytechnic University of Valencia. Researchers say the problem does not require a particular configuration of the system and they say:
This vulnerability allows [the hacker] to obtain a root initramfs shell on the affected systems. Vulnerability is very reliable, because it does not depend on specific systems or configurations.
Attackers can copy, modify, or destroy the hard drive, as well as create a network για να εξάγουν τα δεδομένα. Η ευπάθεια είναι ιδιαίτερα σοβαρή σε περιβάλλοντα όπως βιβλιοθήκες, ΑΤΜ, μηχανήματα αεροδρομίου, εργαστήρια, κλπ, όπου για την όλη διαδικασία εκκίνησης η προστασία είναι στο Password BIOS and GRUB and only have a keyboard or even a mouse.
The exploit has been repaired according to Marco and Ripoll.
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html