Linux 'GRINCH' vuln is AWFUL. Except, er, maybe it isn't
Securo-bods in bunfight over priv-escalation problem
A dispute has arisen about the seriousness of a vulnerability in Linux, dubbed "Grinch", that supposedly creates a privilege escalation risk.
The flaw resides in the Linux authorisation system, which can unintentionally allow privilege escalation, granting a user “root”, or full administrative, access.
“With full root access, an attacker would be able to completely control a system, including the ability to install programs, read data, and use the machine as a launching point for compromising other systems,” Alert Logic warns.
Alert Logic warns that the “grinch” [1] bug impacts all Linux platforms, including mobile devices.
Alert Logic admits it has NOT seen any exploits that harness this vulnerability. Other security firms believe Alert Logic is overstating the risk, which Trend Micro characterises as “limited”.
The scope of this vulnerability is very limited. Grinch is not remotely exploitable; it requires that an attacker have physical access to the server they want to attack.
In addition, the attacker must already have access to an account in the wheel group (i.e., already have elevated privileges as local administrators), polkit [toolkit for privilege authorisation] must be installed, and the PackageKit package management system must be in use.
The barriers to exploitation are significant; in a very real way to exploit this flaw you must already have very high levels of access, making exploiting this “vulnerability” unnecessary.
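The local preconditions listed in the quote above (a wheel-group account, polkit installed, PackageKit in use) can be audited on a host with a short script. This is an added example, not code from the article, Alert Logic or Trend Micro; the function names and the use of the `pkexec` and `pkcon` binaries as a presence heuristic for polkit and PackageKit are assumptions.

```shell
#!/bin/sh
# Added example: checks the local preconditions quoted above. Function names,
# the pkexec/pkcon heuristic and the default paths are assumptions.

# List wheel members (supplementary and primary-group) from group(5)/passwd(5) files.
wheel_members() {
    group_file="${1:-/etc/group}"; passwd_file="${2:-/etc/passwd}"
    gid=$(awk -F: '$1 == "wheel" { print $3; exit }' "$group_file" 2>/dev/null || true)
    [ -n "$gid" ] || return 0
    {
        awk -F: '$1 == "wheel" && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file" 2>/dev/null
    } | sort -u
}

# Succeed if binary $1 is found on search path $2 (default: current PATH).
tool_present() {
    ( PATH="${2:-$PATH}"; command -v "$1" ) >/dev/null 2>&1
}

# Print "all-met" only when every quoted precondition holds, else "not-met".
preconditions() {
    members=$(wheel_members "$1" "$2")
    if [ -n "$members" ] && tool_present pkexec "$3" && tool_present pkcon "$3"; then
        echo "all-met"
    else
        echo "not-met"
    fi
}

# Report for the local host, using the default files and the current PATH.
grinch_report() {
    echo "wheel members: $(wheel_members | tr '\n' ' ')"
    for t in pkexec pkcon; do
        if tool_present "$t"; then echo "$t: present"; else echo "$t: absent"; fi
    done
    echo "preconditions: $(preconditions)"
}

grinch_report
```

A host reporting "not-met" lacks at least one of the three conditions; the script only reads local account files and looks for binaries, so it does not cover accounts supplied by a directory service.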
An independent researcher first posted about the vulnerability – which he called PackageKit Privilege Escalation – almost a month ago before Alert Logic picked up on the threat and publicised it. ®
[1] The bug was named after the famous Dr Seuss character, since it supposedly carries the potential to ruin the season of network administrators.