With all the security exploits in the wild these days, it pays to protect your data. One would think that encrypting your filesystems would be a good step in the right direction. Normally it would, but in this case not so much. Unlike Iron Maiden’s nod to the doomsday clock in the song 2 minutes to midnight, now it doesn’t even take that long to compromise a system. No- watch out, here comes Cryptsetup. We’ll do it for you in 30 seconds! Ok, maybe too many references to British heavy metal bands and cult classic movies but you get the point.
CVE-2016-4484: Cryptsetup Initrd root Shell was first revealed to “the public” about a week ago at the DeepSec security conference held in Austria and a few days later on the web at large. The kicker is that it only applies if you have encrypted your system partition. There is a much more detailed writeup here on how it works, how to tell if you’re vulnerable and how to fix it. The good news is apparently not many people are encrypting their system partitions because I can’t believe that someone hasn’t even by accident ran across this until now (who hasn’t accidentally left something pressing the enter key on their keyboard like a book or something like that).