'Grinch' Bug May Affect Most Linux Systems
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
December 18, 2014
A new Linux vulnerability -- nicknamed "Grinch" -- is a mean one that researchers say could affect all Linux systems as well as mobile devices based on the operating system.
There's no patch available yet for the flaw, which could let an attacker escalate privileges on a Linux machine to install malware or conduct other nefarious activity. But this is no Heartbleed or Shellshock moment: Grinch doesn't pose an imminent threat, security experts say, but it should serve as a wake-up call for how Linux systems are configured.
"I think [there's] no need to get distracted from Christmas shopping. This is something that can wait until January," says Johannes Ullrich, director of SANS Internet Storm Center.
Stephen Coty, chief security evangelist for Alert Logic, which discovered the flaw, says so far, there's been no word on the timing of a patch for the bug.
"Anyone who goes with a default configuration of Linux is susceptible to this bug," he says, and he thinks home users or those not very Linux-savvy are most at risk. "We haven't seen any active attacks on it as of yet, and that is why we wanted to get it patched before people started exploiting it."
The flaw lies in the open-source privilege management component polkit (a.k.a. PolicyKit) for Linux, which lets an administrator determine which privileges a user can have while running a specific software application. Alert Logic found that the default configuration of polkit in many Linux-based environments doesn't require any authentication, plus it gives a group of users access to admin privileges like installing software without using a password, says SANS's Ullrich.
According to Ullrich, the big takeaway from this bug is that Linux administrators need to better understand and configure the polkit function in the operating system. "Linux distributions haven't done a very good job in pre-configuring polkit safely," he says.
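An added example, not part of the original article or Alert Logic's research: a Python check that lists polkit JavaScript rules able to grant an action with no authentication (`polkit.Result.YES`), the kind of default configuration described above. The directories are polkit's standard rule locations; the sample rule text, the `wheel` group in it and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# polkit's standard directories for JavaScript .rules files.
RULE_DIRS = ("/etc/polkit-1/rules.d", "/usr/share/polkit-1/rules.d")
ADD_RULE = re.compile(r"polkit\.addRule\s*\(")
GROUP = re.compile(r"subject\.isInGroup\(\s*[\"']([^\"']+)[\"']\s*\)")
ACTION = re.compile(r"action\.id\s*===?\s*[\"']([^\"']+)[\"']")

# Constructed sample rules (assumption: not copied from any distribution).
SAMPLE = """
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.packagekit.package-install" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;   // no password prompt
    }
});
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) { return polkit.Result.AUTH_ADMIN; }
});
/* polkit.addRule(function(a, s) { return polkit.Result.YES; }); */
"""

def strip_comments(js):
    """Remove JS comments so commented-out rules are not reported."""
    js = re.sub(r"/\*.*?\*/", "", js, flags=re.S)
    return re.sub(r"//[^\n]*", "", js)

def passwordless_grants(js):
    """Heuristic: report each addRule block that can return Result.YES."""
    js = strip_comments(js)
    starts = [m.start() for m in ADD_RULE.finditer(js)] + [len(js)]
    findings = []
    for start, end in zip(starts, starts[1:]):
        block = js[start:end]
        if "polkit.Result.YES" in block:
            findings.append({"groups": sorted(set(GROUP.findall(block))),
                             "actions": sorted(set(ACTION.findall(block)))})
    return findings

def scan(dirs=RULE_DIRS):
    """Map each readable .rules file to its passwordless grants."""
    report = {}
    for path in (p for d in dirs for p in sorted(Path(d).glob("*.rules"))):
        try:
            hits = passwordless_grants(path.read_text(errors="replace"))
        except OSError:      # unreadable without root
            continue
        if hits:
            report[str(path)] = hits
    return report
```

Run `scan()` as root so restricted rule directories are readable. An empty `actions` list in a finding means the grant is not tied to an `action.id` equality test and deserves a closer look.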