In this article, we will look at a very interesting vulnerability in the "domestic" operating system Astra Linux. So, let's begin...

Astra Linux is a special-purpose operating system based on the Linux kernel, created for comprehensive information protection and for building secure automated systems.
The manufacturer develops a base version, Astra Linux Common Edition (general purpose), and a modification of it, Special Edition (special purpose):
- the general-purpose edition, Common Edition, is designed for medium and small businesses and educational institutions;
- the special-purpose edition, Special Edition, is designed for automated systems in a secure configuration that process information classified up to and including "top secret".
The vulnerability in the screen locker was initially discovered on Astra Linux Common Edition v2.12. It occurs when the computer is locked and the screen resolution is changed at that point. Specifically, in virtual environments (VMware, Oracle VirtualBox), the full desktop content is displayed without authorization.
This vulnerability was also successfully exploited on Astra Linux Special Edition v1.5. It may be possible to obtain information from physical machines by using multiple monitors with different resolutions.
Below is a video demonstrating this on Astra Linux Special Edition v1.5 (the workstation was locked, then the resolution of the workstation window was changed):

Screenshot from the video (data fragment on the desktop):

In general, it can be concluded that exploiting this vulnerability allows one to covertly view the contents of documents (including those with restricted access) open on the desktop of a locked Astra Linux workstation, which leads to a leak of this type of information.
Source: habr.com
