Test whether Ubuntu is vulnerable to (CVE-2016-4484)

I've been reading this. Apparently I would gain root access if I hold down enter (somewhere) for 70 seconds. I tried it on a password prompt but it gave me like 3 attempts and stopped. I tried it on a tty but it didn't work also. Am I not vulnerable or am I doing it wrong?


See the security website from Canonical on this. All releases have a "needed" so there is no fix yet for them.

So if you match the conditions for this bug you can affected. For 1 you need to be using Linux Unified Key Setup (LUKS), cryptsetup. So your partition needs to be using encryption. If you do not ... you do not have a problem. (More info at hmarco.org)

The fix is rather easy, just run this commands to add panic parameter to your boot configuration:

sudo sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub grub-install
sudo grub-install

panic=5 to your options preventing this problem. This is the number of seconds you want to initiate the reboot after the panic. Adding the panic parameter to the kernel entry in the grub configuration will prevent a shell.