It’s the Grinch that threatens your Linux!
A bug in Linux dubbed “the Grinch” has been revealed that could allow a hacker to obtain escalated privileges and gain administrative control. This would allow the hacker to download malicious software, steal information and control the computer. The target machine is essentially defenseless.
Uncovered by the security firm Alert Login, the Linux bug allows a hack to exploit a special user group called a “wheel” that controls access to the su command, which allows a user to masquerade as another user. The hacker can modify user accounts in a wheel or by manipulating the Policy Kit , a graphical User interface for managing privileges
This is at least as serious as the Shellshock bug that cause a bit of panic in server administration back in September.
Linux is by far the most popular operating system for web servers, so the problem cannot be treated lightly. It is not limited to servers and could impact all Linux based machines, even Android mobile devices. The Android is based on the Linux kernel
The good news is that there has not yet been a real world example of the Grinch bug being used in an attack. The bad news is that there is not yet a patch for the problem.
All the more important that organizations take action to monitor the situation and look for potential compromises. This can be done by implementing logging software, limiting administrative access and continuously monitoring user privileges.