Posting this here FYI of other Maui users, in case it affects you.
Extracts:
"A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup) ... This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exflitrate data. This vulnerability is specially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protect (password in BIOS and GRUB) and we only have a keyboard or/and a mouse" ... http://hmarco.org/bugs/CVE-2016-4484/CVE...shell.html
"If you use Debian or Ubuntu/ (probably many derived distributions are also vulnerable, but we have not tested), and you have encrypted the system partition, then your systems is vulnerable" ... http://hmarco.org/bugs/CVE-2016-4484/CVE...shell.html
"It could be quite easy to bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. In this way, it is possible to open a shell with root privileges and gain complete remote control over encrypted Linux machine.The problem is related to a security vulnerability, tracked as CVE-2016-4484, in the implementation of the Cryptsetup utility" ... http://securityaffairs.co/wordpress/5349...linux.html
I think my systems are immune as i didn't install Maui with LUKS full-disk encryption during setup, only /home with eCryptFS during setup, & a separate /DATA partition with eCryptFS post-installation. However anyone with full-disk encryption might want to read the linked info.
Extracts:
"A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup) ... This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exflitrate data. This vulnerability is specially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protect (password in BIOS and GRUB) and we only have a keyboard or/and a mouse" ... http://hmarco.org/bugs/CVE-2016-4484/CVE...shell.html
"If you use Debian or Ubuntu/ (probably many derived distributions are also vulnerable, but we have not tested), and you have encrypted the system partition, then your systems is vulnerable" ... http://hmarco.org/bugs/CVE-2016-4484/CVE...shell.html
"It could be quite easy to bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. In this way, it is possible to open a shell with root privileges and gain complete remote control over encrypted Linux machine.The problem is related to a security vulnerability, tracked as CVE-2016-4484, in the implementation of the Cryptsetup utility" ... http://securityaffairs.co/wordpress/5349...linux.html
I think my systems are immune as i didn't install Maui with LUKS full-disk encryption during setup, only /home with eCryptFS during setup, & a separate /DATA partition with eCryptFS post-installation. However anyone with full-disk encryption might want to read the linked info.
