Linux Shim vulnerability CVE-2023-40547 affects most distributions

Brandon Lee
(@brandon-lee)
Posts: 409
Member Admin
Topic starter
 

There is a pretty bad Linux vulnerability that affects most distributions, including Debian, Ubuntu, SUSE, and others.

Shim, a critical component in the boot process of most Linux distributions, enables secure boot by embedding certificates and code to authenticate the bootloader. A vulnerability within Shim's handling of the HTTP protocol has been uncovered, leading to a potential out-of-bounds write scenario. This flaw could potentially allow for remote code execution.

This vulnerability is cataloged under CVE-2023-40547. The National Institute of Standards and Technology (NIST) has assigned it a CVSS score of 9.8, indicating its critical nature. Red Hat, on the other hand, rates this issue as "high severity" with a CVSS score of 8.3, reflecting a slightly different assessment of its impact.

Red Hat's advisory highlights the root cause: "The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise."

Eclypsium, a firm specializing in supply chain risk management, elucidates the exploit process. An attacker could intercept HTTP traffic between the victim's system and the server meant to deliver boot-supporting files. This interception could occur at any point along the network path between the victim and the legitimate server, allowing the attacker to inject malicious content.

Furthermore, Eclypsium outlines that a local attacker, with sufficient privileges to alter EFI variables or EFI partition data (potentially through a live Linux USB drive), could modify the boot sequence to load a compromised version of Shim. This action could enable the execution of privileged code without necessitating the disabling of secure boot.

Moreover, an attacker situated on the same network as the target system could potentially exploit PXE (Preboot Execution Environment) to initiate a chain-load of a vulnerable Shim bootloader. This type of exploit grants the attacker early control of the system before the kernel loads, providing privileged access and the capability to bypass kernel and operating system-level security measures.

Addressing this vulnerability, as Eclypsium advises, involves not merely updating Shim to a version that contains a fix for this issue but also necessitates updating the entire secure boot chain of trust. This includes refreshing the UEFI Secure Boot DBX (revocation list), a critical step in ensuring the integrity of the secure boot process.

https://nvd.nist.gov/vuln/detail/CVE-2023-40547

https://www.securityweek.com/most-linux-systems-exposed-to-complete-compromise-via-shim-vulnerability/

 
Posted : 07/02/2024 9:04 am
Brandon Lee
(@brandon-lee)
Posts: 409
Member Admin
Topic starter
 

@t3hbeowulf @malcolm-r Curious what you guys have seen at work on this front with the new Linux shim boot loader vulnerability? Major push to patch quickly?

 
Posted : 07/02/2024 7:26 pm
(@malcolm-r)
Posts: 58
Trusted Member
 

@brandon-lee Well, there's no patch available right now, so we're really in a holding pattern until Red Hat does something.

 
Posted : 08/02/2024 10:26 am
(@malcolm-r)
Posts: 58
Trusted Member
 

Also, it looks like Red Hat just updated the CVE page to note this: "This flaw is only exploitable when the machine is booting UEFI through the network."

Which we don't do here.

 
Posted : 08/02/2024 10:36 am
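
An added example, not from any poster in this thread: a small Python check for the condition in the Red Hat note quoted above, listing the active UEFI network-boot entries (PXE or HTTP) that appear in a host's BootOrder, parsed from `efibootmgr -v` output. The sample output is constructed and the function names are this example's own.

```python
import re

# Constructed `efibootmgr -v` output for illustration (not from a real host).
SAMPLE = (
    "BootCurrent: 0001\n"
    "Timeout: 1 seconds\n"
    "BootOrder: 0001,0004,0002\n"
    "Boot0001* ubuntu\tHD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x100000)"
    "/File(\\EFI\\ubuntu\\shimx64.efi)\n"
    "Boot0002* UEFI PXEv4\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(001122334455,1)/IPv4(0.0.0.0,0,0)\n"
    "Boot0003  UEFI PXEv6\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(001122334455,1)/IPv6([::],0,0)\n"
    "Boot0004* UEFI HTTPv4\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(001122334455,1)"
    "/IPv4(0.0.0.0,0,0)/Uri()\n"
)

ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")


def classify(device_path):
    """Label a UEFI device path by its text nodes: Uri() = HTTP boot, IPv4()/IPv6() = PXE."""
    if re.search(r"\bUri\(", device_path):
        return "http"
    if re.search(r"\bIPv[46]\(", device_path):
        return "pxe"
    return "local"


def parse(output):
    """Return (boot_order, entries) where entries maps number -> (active, label, kind)."""
    order, entries = [], {}
    for line in output.splitlines():
        if line.startswith("BootOrder:"):
            order = [n.strip().upper() for n in line.split(":", 1)[1].split(",") if n.strip()]
            continue
        m = ENTRY.match(line)
        if m:
            num, star, rest = m.groups()
            label, _, path = rest.partition("\t")  # efibootmgr separates label and path by a tab
            entries[num.upper()] = (star == "*", label.strip(), classify(path or rest))
    return order, entries


def network_boot_in_use(output):
    """Active network-boot entries that appear in BootOrder, in boot order."""
    order, entries = parse(output)
    return [(n, entries[n][2]) for n in order
            if n in entries and entries[n][0] and entries[n][2] != "local"]


if __name__ == "__main__":
    for num, kind in network_boot_in_use(SAMPLE):
        print(f"Boot{num}: active {kind} network boot entry in BootOrder")
```

An empty result describes only the firmware's configured boot entries; it does not cover the local boot-sequence tampering described in the first post.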
Brandon Lee
(@brandon-lee)
Posts: 409
Member Admin
Topic starter
 

@malcolm-r Ah, great observation. Yeah, that may not be that exploitable if you aren't booting from network. Wondering if an attacker would have to have access to the console otherwise.

 
Posted : 08/02/2024 10:51 am
Brandon Lee
(@brandon-lee)
Posts: 409
Member Admin
Topic starter
 

Update Ubuntu, and other Linux distros, using Ansible:

https://www.virtualizationhowto.com/2024/01/how-to-update-ubuntu-with-ansible/

 
Posted : 13/02/2024 3:53 pm