A security alert by cloud and security services provider Alert Logic warns of a dangerous vulnerability in the Linux authorization system that allows unauthorized users to escalate privileges through the “wheel” group.
Wheel is a special user group that controls access to the su command, and thereby to superuser privileges.
The vulnerability permits unauthorized users to get root access, which in essence means gaining control of the entire system to carry out whatever malicious actions they want.
Named “Grinch” (after Dr. Seuss’ unsavory fictional character), the vulnerability is considered serious because of Linux’s sway in e-commerce deployments.
Surveys have found that Linux/Unix power 65% of web servers.
The vulnerability is said to span all Linux distros including mobile platforms like Android that are based on Linux.
Although no patch is available yet, recommendations to avoid the exploit being triggered include studying logs to monitor user actions on the system and avoiding installation tools like PKCon (PackageKit Console Client). It is safer to stick with installation tools like Yum or dnf.
According to Alert Logic’s Chief Security Evangelist Stephen Coty, the fix for the vulnerability lies in managing PolKit authorization rules or properly managing group privileges for users.
Red Hat, the maintainer of PolKit, is said to have opened a ‘trouble ticket’ to examine the vulnerability.
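An added example, not from Alert Logic or the original article: a small audit that follows the recommendation above by listing who holds wheel membership and flagging PolKit rules that let wheel members act without authenticating. The sample file contents are constructed, and the rule scan is a text heuristic that assumes rules are written with `subject.isInGroup(...)` and `polkit.Result.YES`.

```python
import re

# Constructed sample inputs (not from a real host); on a live system read
# /etc/group, /etc/passwd and the *.rules files under /etc/polkit-1/rules.d/.
SAMPLE_GROUP = """root:x:0:
wheel:x:10:alice,bob
"""
SAMPLE_PASSWD = """alice:x:1000:1000::/home/alice:/bin/bash
svc:x:1002:10::/home/svc:/sbin/nologin
"""
SAMPLE_RULES = """polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.packagekit.package-install" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) { return polkit.Result.AUTH_ADMIN; }
});
"""

def wheel_members(group_text, passwd_text, group="wheel"):
    """Users in `group`, via its member list or via their primary GID."""
    gid, members = None, set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == group:
            gid = f[2]
            members.update(m for m in f[3].split(",") if m)
    for line in passwd_text.splitlines():
        f = line.split(":")
        if gid is not None and len(f) >= 4 and f[3] == gid:
            members.add(f[0])  # primary-group members are not listed in /etc/group
    return sorted(members)

def passwordless_wheel_rules(rules_text, group="wheel"):
    """Action ids ('*' if none is named) of rules returning YES for `group`."""
    hits = []
    for block in rules_text.split("polkit.addRule(")[1:]:
        if f'isInGroup("{group}")' in block and "polkit.Result.YES" in block:
            ids = re.findall(r'action\.id\s*==\s*"([^"]+)"', block)
            hits.extend(ids or ["*"])
    return hits

if __name__ == "__main__":
    print("wheel members:", wheel_members(SAMPLE_GROUP, SAMPLE_PASSWD))
    print("no-auth rules:", passwordless_wheel_rules(SAMPLE_RULES))
```

Any account in the first list that does not need administrative rights, and any action in the second, is a candidate for tightening.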