Security researchers have discovered a critical vulnerability under the name Grinch Bug, which can be exploited by malicious hackers to obtain unauthorized accesss root on Linux computing systems.
Η ευπάθεια αφορά στο σύστημα αυθεντικοποίησης (authorization system) του Linux και επιτρέπει την κλιμάκωση προνομίων μέσω του wheel (ορολογία Unix).
The new bug leaves Linux system administrators awake a few days after it poodle - Another deadly error of 2014 - has come back to the forefront. Grinch's vulnerability affects all distributions of the Linux operating system and, according to researchers from Alert Logic, which uncovered the bug last Tuesday, potentially gives root access to any attacker without the use of codes or special encryption keys.
A hacker could exploit the vulnerability with either conversion των εγγεγραμμένων λογαριασμών χρηστών σε wheel ή με την εκμετάλλευση του Policy Kit (Polkit), μια γραφικής διεπαφής χρήστη (User Interface) που χρησιμοποιείται από απλούς users, to perform tasks that require administrator privileges.