Bobcares

wesupport

CLIENT AREACall Us 1-800-383-5193
Bobcares

wesupport

Call Us 1-800-383-5193
Bobcares

wesupport

Call Us 1-800-383-5193

Need help?

Our experts have had an average response time of 13.52 minutes in October 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Boot Hole vulnerability CVE-2020-1073 – tip to avoid risk

by | Jul 31, 2020

On 29th July, RedHat disclosed a Boot hole vulnerability in the grub2 (CVE-2020-1073).This flaw allows an attacker, already on the system, to hijack the boot process and execute malicious code during system startup.

As of this writing, RedHat is still working to release new patches to fix this vulnerability.

At Bobcares, we constantly monitor servers and patch up server against server vulnerabilities as part of our Server Management Services.

Today, we’ll see more about the boot hole vulnerability and the tips to avoid risk.


 

What is Boot Hole vulnerability CVE-2020-1073?

“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices for attack. This vulnerability uses the GRUB2 bootloader to perform arbitrary code execution during the boot process, even when Secure Boot is enabled.

In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system. With this access, they could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB.
 

Are we affected with Boot Hole vulnerability (CVE-2020-1073)?

The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected.

The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.

Further a vulnerability detection script is available online to check if our system is currently vulnerable to this flaw.
 

Tips to avoid risk

As we discussed earlier, RedHat is currently working on releasing new patches to fix this vulnerability.

In the meantime, it is strongly recommended that Red Hat customers do not apply grub2, fwupd, fwupdate or shim updates until new packages are available. However, there are some tips available to remediate the effects of the update. The steps to be follow after a reboot and before a reboot varies. Let us look at them in detail.

Before system reboot

  1. First, we need to Downgrade the packages immediately
    # yum downgrade shim\* grub2\* mokutil
    
  2. Then, Protect yum from upgrading the packages by adding the following entry in /etc/yum.conf
    exclude=grub2* shim* mokutil
    

After system reboot

  1. Boot the system with the RHEL DVD in Troubleshooting mode
  2. Set up the network.
  3. Enter the chroot
    # chroot /mnt/sysimage
    
  4. Downgrade the packages
    # yum downgrade shim\* grub2\* mokutil
    
  5. Protect yum from upgrading the packages by adding the following entry in /etc/yum.conf
    exclude=grub2* shim* mokutil
    
  6. Exit the chroot and reboot
    # exit
    # exit

[Need any further assistance in applying patches? – We’re available 24*7]
 

Conclusion

In short, the Boot hole vulnerability in the grub2 (CVE-2020-1073) allows an attacker, already on the system, to hijack the boot process and execute malicious code during system startup.Today, we saw how our Support Engineers fix this error.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *