security - Test whether Ubuntu is vulnerable to (CVE-2016-4484) - Ask Ubuntu
i've been reading this. apparently gain root access if hold down enter (somewhere) 70 seconds. tried on password prompt gave me 3 attempts , stopped. tried on tty didn't work also. not vulnerable or doing wrong?
see security website canonical on this. releases have "needed" there no fix yet them.
so if match conditions bug can affected. 1 need using linux unified key setup (luks), cryptsetup. partition needs using encryption. if not ... not have problem. (more info @ hmarco.org)
the fix rather easy, run commands add panic parameter boot configuration:
sudo sed -i 's/grub_cmdline_linux_default="/grub_cmdline_linux_default="panic=5 /' /etc/default/grub grub-install sudo grub-install
panic=5
options preventing problem. number of seconds want initiate reboot after panic. adding panic
parameter kernel entry in grub configuration prevent shell.
Comments
Post a Comment