All Linux Platforms are vulnerable to the ‘Grinch’ Root Access vulnerabilityExploitation of the logging systemThreat perception
Exploitation of the logging system
This isn’t the first major vulnerability to be uncovered in Linux. The same researchers had uncovered vulnerabilities in JournalD back in August, 2014, which allowed attackers to hijack the terminal sessions for remote execute commands. Further digging led them to grinch. The vulnerability was found in a Linux authorization system which could give an unauthorized user root access to the system by leveraging “wheel,” a special user group that controls access to the su command and allows one user to operate as if they were another. Writing on the Alert Logic blog, Chief Security Evangelist, Stephen Coty stated, A potential hacker could exploit the Grinch flaw by either modifying the registered user accounts in a wheel or by manipulating the Policy Kit (Polkit), a graphical User interface for managing privileged operations for ordinary users. Whichever method the attacker uses, the goal is to gain root access to the system. With root access, the attacker has full administrative control and can install, modify programs or access files in any directory. The attacker is also able to remotely control the system implying they can create a replicating worm which can be spread to other systems instantaneously.
Threat perception
On the bright side, the researchers also denied any news of this vulnerability ever being used so far. So no major damage has been done. It is advised to restrict user permissions on your Linux systems and also monitor user activity until a proper patch is released. On the vulnerability level, Grinch could be to Linux what ShellShock is to Windows and even more severe as ShellShock infected those Windows machines which had cygwin. Until and unless a patch is released all the devices running on Linux are vulnerable to Grinch. Linux team is yet to confirm the Alert Logic’s finding or issue a patch for this vulnerability but Coty believed that Linux was working on this issue.
