Grinch vulnerability allows hackers to gain root access on Linux machines

The vulnerability, dubbed Grinch, is currently found in poorly configured environments that use the wheel group in Linux. These are modern user groups made to control access privileges. The wheel group is a special user group used on some Unix systems to control access to the su command, which allows a user to masquerade as another user (usually the superuser).

When a new Linux environment is created, the generated user account is bound to the wheel group, which allows administrative tasks within the system.

Members of the wheel group will be able to run each file with root permissions. For example, if you have the user “cyberwarzone” and the group “wheel” (cyberwarzone:wheel), the cyberwarzone user will be able to run any file with root permissions.

The vulnerability was found in a Linux authorization system which could give an unauthorized user root access to the system by leveraging “wheel,” a special user group that controls access to the su command and allows one user to operate as if they were another.

Alert Logic explains that they have found a method that allows hackers to exploit the vulnerability, which can be found in Linux systems. They claim that a hacker will be able to download and execute a vulnerable package via the wheel user group. Once the hacker has downloaded the vulnerable package, the hacker will be able to exploit it to gain control over the targeted device.

The team says they have no evidence that there is an active exploit targeting the Grinch vulnerability. Until a patch is issued, Linux users can help protect their systems by modifying administrative privileges to minimize sudo operations, and should also deploy system logging software to monitor user activity and issue an alert if any unusual activity is discovered.
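
A starting point for the privilege review described above, as an added example that is not from Alert Logic or the original article: a shell audit that lists every account in the wheel group, including accounts that hold it as their primary group, and prints any that are not on an approved list. The function names and the allowlist file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article: review who is in wheel.
# Paths are parameters so the audit can also run against copies of the files.

# wheel_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints every account in the group, one per line, sorted and de-duplicated.
wheel_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-wheel}

    # /etc/group line format: name:password:gid:member1,member2
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 1    # group is not defined in this file

    {
        # Supplementary members, listed in the fourth field of /etc/group.
        awk -F: -v g="$group_name" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary GID (fourth field of /etc/passwd) is the
        # group's GID; these never show up in the /etc/group member list.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# unexpected_wheel_members GROUP_FILE PASSWD_FILE ALLOWLIST [GROUP_NAME]
# ALLOWLIST (hypothetical file, one approved account name per line) is the
# set of users meant to hold the privilege; anything else is printed.
unexpected_wheel_members() {
    members=$(wheel_members "$1" "$2" "${4:-wheel}") || return 1
    [ -n "$members" ] || return 0
    printf '%s\n' "$members" | grep -vxF -f "$3" || true
}

# Example run (paths are assumptions):
#   unexpected_wheel_members /etc/group /etc/passwd /etc/wheel.allow
```

Scheduling the check and forwarding any non-empty output to the logging system in use turns the membership review into the kind of alert the advice calls for.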

