Screen lock vulnerability in Astra Linux Special Edition (Smolensk)

This article looks at an interesting vulnerability in the "domestic" Astra Linux operating system.

Astra Linux is a special-purpose operating system based on the Linux kernel, designed for comprehensive information protection and building secure automated systems.

The vendor develops a base version of Astra Linux, Common Edition (general purpose), and a modification of it, Special Edition (special purpose):

  1. the general-purpose edition, Common Edition, is designed for small and medium-sized businesses and educational institutions;
  2. the special-purpose edition, Special Edition, is designed for automated systems in a secure design that process information classified up to and including "top secret".

The vulnerability in the screen locker was first discovered on Astra Linux Common Edition v2.12. It appears when the screen resolution is changed while the computer is locked. In particular, in virtual environments (VMware, Oracle VirtualBox), the contents of the desktop are fully displayed without authorization.

The vulnerability was also successfully exploited on Astra Linux Special Edition v1.5. It may also be possible to obtain information from physical machines by using multiple monitors with different resolutions.

Below is a video with a demonstration on Astra Linux Special Edition v1.5 (the workstation was locked, then the resolution of its window was changed):

Screenshot from the video (data fragment on the desktop):

In general, we can conclude that exploiting this flaw allows someone to covertly view the contents of documents (including restricted-access ones) that are open on the desktop of a locked Astra Linux workstation, which leads to a leak of this kind of information.

Source: habr.com
