Heads-up! Major `shim’ issue


This topic has 6 replies, 5 voices, and was last updated Feb 9, 6:01 pm by Brian Masinick.
#132275
Member
dukester

You may already be aware of this – but if not, here it is:

https://linux.slashdot.org/story/24/02/07/1749248/critical-vulnerability-affecting-most-linux-distros-allows-for-bootkits

(This topic was modified 3 weeks ago by anticapitalista. Reason: corrected misleading title)

--
dukester

#132276
Member
blur13

Interesting. The topic's title should be changed to “Major `shim’ issue”. I don't think antiX uses shim since it's a systemd thing. I could be wrong.

#132277
Member
abc-nix

antiX is already “vulnerable” because it requires Secure Boot to be DISABLED. Those that have installed Debian signed kernels and the corresponding shim will have to pay attention and update as soon as the patch arrives on the Debian repos.

#132278
Moderator
Brian Masinick

I am not concerned about vulnerability.
I don’t do a lot of things that concern me regarding security.
Not only that, it takes a few minutes to reinstall antiX;
to me that is not a big deal; I can also run from USB.

The locations that provide my personal services are the places
that better be careful; I’ve never lost any valuable information
from my system, but I’ve been compromised a couple of times
from places where I do business; no monetary loss was involved.

--
Brian Masinick

#132363
Member
Xunzi_23

For the noted CVE, there are several more in the Red Hat/IBM-maintained shim required for (in)secure EFI boot systems.
Description as below.

An attacker could perform a MiTM (Man-in-the-Middle) attack and intercept HTTP traffic between the victim and the HTTP server used to serve files to support HTTP boot. The attacker could be located on any network segment between the victim and the legitimate server.

The vulnerability can also be exploited locally by an attacker with enough privileges to manipulate data in the EFI Variables or on the EFI partition. This can be accomplished with a live Linux USB stick. The boot order can then be changed such that a remote and vulnerable shim is loaded on the system. This shim is then used to execute privileged code from the same remote server, all without ever disabling Secure Boot.

An attacker on the same network as the victim can manipulate PXE to chain-load a vulnerable shim bootloader.

An attacker exploiting this vulnerability gains control of the system before the kernel is loaded, which means they have privileged access and the ability to circumvent any controls implemented by the kernel and operating system.
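
The two practical checks raised in this thread (abc-nix: is Secure Boot actually enabled and is the installed shim the one that needs updating; Xunzi_23: has the boot order been changed so that a shim is fetched over HTTP or PXE ahead of the local one) can be automated from a running system. The script below is an added example written for this thread, not code from the antiX project or from any poster. It decodes the SecureBoot variable from efivarfs (4 bytes of attributes followed by 1 data byte, which is the real efivarfs layout) and parses `efibootmgr -v` output, flagging any boot entry whose device path contains network nodes (`MAC(`, `IPv4(`, `IPv6(`, `Uri(`) and reporting whether such an entry is first in `BootOrder`. The `efibootmgr` sample embedded in it is constructed, not captured from a real machine, and the `SAMPLE_EFIBOOTMGR`, `assess_boot_order` and `secure_boot_enabled` names are this example's own.

```python
import os
import re
import subprocess

# Constructed sample of `efibootmgr -v` output, not captured from any real machine.
# Entry 0001 is an HTTP boot entry (Uri node), 0002 is PXE, 0000 is a local shim on disk.
SAMPLE_EFIBOOTMGR = (
    "BootCurrent: 0001\n"
    "Timeout: 1 seconds\n"
    "BootOrder: 0001,0000,0002\n"
    "Boot0000* debian\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)"
    "/File(\\EFI\\debian\\shimx64.efi)\n"
    "Boot0001* UEFI HTTPv4\tPciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(001122334455,1)"
    "/IPv4(0.0.0.0,0,0)/Uri(http://198.51.100.7/boot/shimx64.efi)\n"
    "Boot0002* UEFI PXEv4\tPciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(001122334455,1)"
    "/IPv4(0.0.0.0,0,0)\n"
)

# Device-path node types that mean "this entry boots from the network".
NETWORK_NODES = ("MAC(", "IPv4(", "IPv6(", "Uri(")
# efibootmgr prints "BootNNNN* <label>\t<device path>" for each entry.
ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*?)\t(.*)$")
# The SecureBoot variable lives in the EFI global variable namespace in efivarfs.
SECUREBOOT_EFIVAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efibootmgr(text):
    """Return (boot_order, entries) parsed from `efibootmgr -v` text."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            order = [x.strip().upper() for x in line.split(":", 1)[1].split(",") if x.strip()]
            continue
        m = ENTRY_RE.match(line)
        if m:
            num, active, label, path = m.groups()
            entries[num.upper()] = {
                "label": label,
                "path": path,
                "active": active == "*",
                "network": any(node in path for node in NETWORK_NODES),
            }
    return order, entries


def assess_boot_order(text):
    """Flag boot entries sourced over the network and say whether one of them boots first."""
    order, entries = parse_efibootmgr(text)
    network_entries = []
    for pos, num in enumerate(order):
        entry = entries.get(num)
        if entry is None or not entry["network"]:
            continue
        # A Uri node means HTTP(S) boot; a MAC/IPv4/IPv6 path without Uri is classic PXE.
        source = "http" if "Uri(" in entry["path"] else "pxe"
        network_entries.append(
            {"entry": num, "position": pos, "label": entry["label"], "source": source}
        )
    first = order[0] if order else None
    first_is_network = bool(first and entries.get(first, {}).get("network"))
    return {
        "first_entry": first,
        "first_is_network": first_is_network,
        "network_entries": network_entries,
    }


def secure_boot_enabled(efivar_bytes):
    """Decode an efivarfs SecureBoot file: 4 attribute bytes, then 1 data byte (1 = enabled)."""
    if len(efivar_bytes) < 5:
        return None
    return efivar_bytes[4] == 1


def main():
    if os.path.exists(SECUREBOOT_EFIVAR):
        with open(SECUREBOOT_EFIVAR, "rb") as f:
            print("Secure Boot enabled:", secure_boot_enabled(f.read()))
    else:
        print("Secure Boot state: not available (no efivarfs on this system)")
    try:
        text = subprocess.run(["efibootmgr", "-v"], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("efibootmgr not available; using the constructed sample instead")
        text = SAMPLE_EFIBOOTMGR
    report = assess_boot_order(text)
    print("First boot entry:", report["first_entry"],
          "(network)" if report["first_is_network"] else "(local)")
    for item in report["network_entries"]:
        print("Network boot entry Boot%s at position %d: %s [%s]"
              % (item["entry"], item["position"], item["label"], item["source"]))


if __name__ == "__main__":
    main()
```

On a real system the script must run as root to read `efibootmgr -v`; a network entry that is first in `BootOrder` on a machine that is not supposed to netboot is exactly the boot-order change Xunzi_23's description mentions, and is worth investigating alongside the shim package version.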

#132532
Member
Xunzi_23

The content of this thread has nothing to do with slim.

It is about one of several bugs in the UEFI Secure Boot shim. Last time I looked there were 5 more…

Would a moderator please change the misleading title? I guess dukester cannot do so any longer.

#132579
Moderator
Brian Masinick

I am not concerned about vulnerability.
I don’t do a lot of things that concern me regarding security.
Not only that, it takes a few minutes to reinstall antiX;
to me that is not a big deal; I can also run from USB.

The locations that provide my personal services are the places
that better be careful; I’ve never lost any valuable information
from my system, but I’ve been compromised a couple of times
from places where I do business; no monetary loss was involved.

Not to deliberately downplay this, or any other vulnerability;
one reasonably “safe” thing to do is to turn off your system
when you are not using it, be aware of what’s going on when
your system IS active, and pay attention to “odd” messages
that appear. If anything APPEARS to change and you have
NOT made a change yourself, that’s a reason to “investigate”.

Was it something you actually “did” and simply did not realize
what was taking place, or was your system actually compromised?

Having plenty of spare (not plugged in) USB Flash Drives or other
ways to recover a system is good practice; multiple copies, multiple
backup strategies, and so on (things that I have mentioned countless
times over the years) are all measures that any reasonably intelligent
person can utilize. Do at LEAST a couple of these things and it’s
possible to recover from intrusions, and good practices reduce the
likelihood of being intruded on in the first place.

Also, while these intrusions can be potentially dangerous and
costly, “bad guys” still try to get into unprotected or poorly
protected resources FIRST; and if they intrude, they use those
unprotected places as launching sites for quite a bit of their
“bad guy” behavior. DEFINITELY don’t be someone who EVER
makes it SUPER easy to be a target! Such systems may as well
be either replaced or completely reconstructed!

--
Brian Masinick
