'Grinch' Bug May Affect Most Linux Systems

But newly discovered vulnerability not as urgent as previous open-source bug disclosures.

Dark Reading Staff, Dark Reading

December 18, 2014


A new Linux vulnerability -- nicknamed "Grinch" -- is a mean one that researchers say could affect all Linux systems as well as mobile devices based on the operating system.

There's no patch available yet for the flaw, which could let an attacker escalate privileges on a Linux machine to install malware or conduct other nefarious activity. But this is no Heartbleed or Shellshock moment: Grinch doesn't pose an imminent threat, security experts say, but it should serve as a wake-up call for how Linux systems are configured.

"I think [there's] no need to get distracted from Christmas shopping. This is something that can wait until January," says Johannes Ullrich, director of SANS Internet Storm Center.

Stephen Coty, chief security evangelist for Alert Logic, which discovered the flaw, says so far, there's been no word on the timing of a patch for the bug.

"Anyone who goes with a default configuration of Linux is susceptible to this bug," he says, and he thinks home users or those not very Linux-savvy are most at risk. "We haven't seen any active attacks on it as of yet, and that is why we wanted to get it patched before people started exploiting it."


The flaw lies in the open-source privilege management component polkit (a.k.a. PolicyKit) for Linux, which lets an administrator determine which privileges a user can have while running a specific software application. Alert Logic found that the default configuration of polkit in many Linux-based environments doesn't require any authentication, plus it gives users in a group access to admin privileges like installing software without using a password, says SANS's Ullrich.

According to Ullrich, the big takeaway from this bug is that Linux administrators need to better understand and configure the polkit function in the operating system. "Linux distributions haven't done a very good job in pre-configuring polkit safely," he says.
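For administrators reviewing their own polkit configuration, the following is an added example, not part of the original article or Alert Logic's research. It assumes the system uses polkit's local-authority `.pkla` file format, and it flags entries that let a Unix group perform an action with no password prompt; the sample entries, group names and function name are constructed for illustration.

```python
import configparser

# Only "yes" grants an action with no prompt; auth_* values require a password.
NO_AUTH = {"yes"}
RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")

# Constructed sample .pkla content (not taken from any real distribution).
SAMPLE_PKLA = """\
[Constructed: group may install packages without a password]
Identity=unix-group:wheel
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=yes

[Constructed: same action, but admin password required]
Identity=unix-group:staff
Action=org.freedesktop.packagekit.package-install
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_admin
"""


def find_passwordless_group_grants(pkla_text):
    """Return (section, group, action, result_key) for each no-auth group grant."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case: .pkla keys are case-sensitive
    parser.read_string(pkla_text)
    findings = []
    for section in parser.sections():
        entry = parser[section]
        # Identity and Action are semicolon-separated lists.
        identities = [i.strip() for i in entry.get("Identity", "").split(";")]
        actions = [a.strip() for a in entry.get("Action", "").split(";") if a.strip()]
        groups = [i.split(":", 1)[1] for i in identities
                  if i.startswith("unix-group:")]
        for key in RESULT_KEYS:
            if entry.get(key, "").strip() in NO_AUTH:
                findings.extend((section, g, a, key)
                                for g in groups for a in actions)
    return findings


if __name__ == "__main__":
    for section, group, action, key in find_passwordless_group_grants(SAMPLE_PKLA):
        print(f"{key}=yes: group '{group}' may run {action} unprompted [{section}]")
```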
