Grinch vulnerability could hit Linux systems

News by Kate O'Flaherty

Security researchers uncover 'grinch' vulnerability that could affect all Linux systems

A Linux vulnerability dubbed 'grinch' has been uncovered by security researchers. The vulnerability, which could affect all Linux systems, has the potential to provide hackers with unfettered root access, security firm Alert Logic warned in a blog post.

The flaw resides in Linux's authorisation system and can inadvertently allow privilege escalation, granting a user full administrative access. This would allow an attacker to take control, potentially stealing data and compromising other systems.

The vulnerability could target all Linux systems, including cloud-based platforms and Android phones, which run the Linux kernel.

Richard Cassidy, technical director EMEA at Alert Logic, told "This vulnerability relies on the privileges granted to the system through the 'wheel' user-group - a fundamental group of all Linux based operating systems - that can allow install of a malicious package through PKCon. In this respect, it affects all Linux operating systems, of which over 65 percent of all web servers run currently."

It could be as damaging as the Shellshock bug seen in September, Alert Logic warned. However, the security researchers have not yet seen any exploits that harness the vulnerability.

No patches currently exist, but Alert Logic said companies can take preventive measures to guard against attacks that harness the vulnerability.

Cassidy added to SC: "Given how the vulnerability operates, organisations should monitor administrative actions through log file analysis and alert-based triggers on their Linux systems, looking at activity around updates and package installations for suspicious activity. Identifying key servers during the holiday period and putting in place higher levels of monitoring with restrictive policies for mission critical application updates will help to reduce the risk."

Paco Hope, principal consultant at Cigital told that the vulnerability is "nowhere near as severe as Shellshock".

He explained to SC: "It is a simple implementation bug in a particular policy framework that will only be present on very modern, multi-user Linux systems. It allows one significant compromise — access to a 'wheel' group Unix accounts — to be leveraged into a full compromise of the host or virtual machine."

Hope added to SC: "What is interesting is how an implementation bug in a particular package — something they can fix fairly quickly and simply — manifests itself as a flaw in an overall system. This is a timely reminder that building in security extends not just to the code that we write, but to the systems that we build and run it on."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews