Grinch Bug Could Be Worse than Shellshock, Say Experts

  • 17 December 2014
by Pierluigi Paganini on December 17th, 2014
 

Researchers discover a vulnerability in Linux operating systems dubbed Grinch Bug, which can be exploited to give malicious hackers root access to a computer system. The flaw resides in the authorization system in Linux which allows privilege escalation through the wheel.

 
A new privilege escalation bug similar to Shellshock is giving Linux administrators sleepless nights just days after Poodle, another deadly bug of 2014, resurfaced. The Grinch vulnerability, affecting all Linux-based operating systems, potentially gives an attacker root access to a system, according to Alert Logic, who announced the bug on Tuesday.
Grinch could be worse than Shellshock, which plagued the tech world earlier in September. Shellshock is a coding mistake in Bash which affected all UNIX-based operating systems, including Linux and Mac. Like Shellshock, Grinch potentially gives an attacker root access to a system without a password or encryption keys.
 
Full Article

2 replies

By Eduard Kovacs on December 18, 2014
 
Researchers at cloud security company Alert Logic have discovered a vulnerability in the Linux platform that can lead to privilege escalation. The flaw has been dubbed "Grinch."
According to Alert Logic, Grinch could affect all Linux systems, including Web servers and mobile devices. The security hole is actually a common configuration issue related to Polkit, a relatively new component used for controlling system-wide privileges on Unix-like operating systems.
Unlike Sudo, which enables system administrators to give certain users the ability to run commands as root or another user, Polkit allows a finer level of control by delimiting distinct actions and users, and defining how the users can perform those actions.
Privilege escalation can be achieved through "wheel," a special user group with administrative privileges. On Linux systems, the default user is automatically assigned to this group, Stephen Coty, chief security evangelist at Alert Logic, wrote in a blog post.
"The problem pointed out by Alert Logic is twofold. First of all, the default Polkit configuration on many Unix systems (e.g. Ubuntu) does not require authentication. Secondly, the Polkit configuration essentially just maps the 'wheels' group, which is commonly used for Sudo users, to the Polkit 'Admin'. This gives users in the 'wheel' group access to administrative functions, like installing packages, without having to enter a password," explained Johannes Ullrich of the SANS Internet Storm Center.
 
full article
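
An audit sketch for the configuration described in the excerpt above, added here as an example and not taken from either quoted article, Alert Logic, or the polkit project. It reports polkit entries that answer "yes" (no password prompt) for the wheel group and lists the groups a rules file names as administrators; both sample files are constructed, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample of a polkit local-authority (.pkla) file; not from a real system.
SAMPLE_PKLA = """\
[Wheel installs packages without a password]
Identity=unix-group:wheel
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultActive=yes

[Wheel must authenticate to remove packages]
Identity=unix-group:wheel;unix-user:backup
Action=org.freedesktop.packagekit.package-remove
ResultActive=auth_admin
"""

# Constructed sample of a polkit JavaScript (.rules) file.
SAMPLE_RULES = """\
polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});
"""

def passwordless_grants(pkla_text, group="wheel"):
    """Return (section, action, key) for entries that answer 'yes' for the group."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the key names' original case
    cp.read_string(pkla_text)
    findings = []
    for section in cp.sections():
        entry = cp[section]
        identities = [i.strip() for i in entry.get("Identity", "").split(";")]
        if f"unix-group:{group}" not in identities:
            continue
        for key in ("ResultAny", "ResultInactive", "ResultActive"):
            if entry.get(key, "").strip().lower() == "yes":
                for action in filter(None, entry.get("Action", "").split(";")):
                    findings.append((section, action.strip(), key))
    return findings

def admin_groups(rules_text):
    """Return groups that an addAdminRule in a .rules file names as administrators."""
    groups = []
    for body in re.findall(r"addAdminRule\s*\((.*?)\}\s*\)", rules_text, re.S):
        groups += re.findall(r"unix-group:([\w.-]+)", body)
    return groups

if __name__ == "__main__":
    print(passwordless_grants(SAMPLE_PKLA), admin_groups(SAMPLE_RULES))
```
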
Dec 18, 2014  Joab Jackson
 
The “grinch” Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat.
“This report incorrectly classifies expected behavior as a security issue,” said a Red Hat bulletin issued Wednesday, responding to Alert Logic’s claims.
Security firm Alert Logic Tuesday claimed that grinch could be as severe as the Heartbleed bug and that it’s a serious design flaw in how Linux systems handle user permissions, which could allow malicious attackers to gain root access to a machine.
Alert Logic claimed that an attacker could exploit grinch through the use of a third-party Linux software framework called Policy Kit (Polkit), which was designed to aid users in installing and running software packages. Red Hat maintains Polkit, an open-source program. By allowing users to install software programs, which usually requires root access, Polkit could provide an avenue to run malicious programs, inadvertently or otherwise, Alert Logic said.
 
Full Article
 
