Researchers Identify ‘Grinch’ Bug As Christmas Approaches

Researchers have identified a new vulnerability affecting Linux-based operating systems – the Grinch bug. By exploiting this vulnerability, hackers can gain root access to a system running on Linux.


Grinch is similar to the Shellshock bug which hit the cyberspace in September and emerged just days after another bug called Poodle surfaced.

Alert Logic wrote about this bug on Tuesday and said that the Grinch vulnerability affects all operating systems based on Linux. With no patch yet available to fix the bug, Grinch gains more power as it gives attackers the root access to a system.

Shellshock is basically a coding error in Bash. It affects all operating systems based on UNIX including Mac and Linux. Grinch could be even worse. Just like the Shellshock vulnerability, the Grinch vulnerability also allows a hacker to access a system without encryption keys or passwords.

Stephen Coty, security evangelist at Alert Logic said that there has been no information regarding the availability of a patch.

“Anyone who goes with a default configuration of Linux is susceptible to this bug,” he expressed his concern. “We haven’t seen any active attacks on it as of yet, and that is why we wanted to get it patched before people started exploiting it.”

The basic problem is with the Linux authorization system that permits privilege escalation through a wheel. To put it simply, wheels are user accounts with special administrative privileges. They control the Substitute User (SU) command in a UNIX based system and allow the current user to be elevated to the status of a super user.

Hackers can exploit this vulnerability by either manipulating the Polkit (Policy Kit) or altering the registered user account in the wheel. The Policy Kit is a GUI for handling privileged functions for ordinary users. Privileged processes use the Polkit to decide whether they should perform privileged functions on behalf of the user who requests them.

No matter which method the hackers use, their objective is to obtain root access. Root access will give them full administrative control over the system.

As a result, the attacker will be able to install malware, modify programs, and access files located in all directories. The attacker will also be able to control the system remotely and create a replicating bug that can affect other systems almost instantly.

Vulnerabilities like these pose a major problem to eCommerce sites like Amazon, which use Linux/Unix based operating systems. According to W3Tech, about 65 percent of the web servers on the World Wide Web use operating systems based on Linux or UNIX. Some smartphones that run Linux operating systems may also be affected by this flaw.

Alert Logic says that they have not yet seen the vulnerability being exploited. This flaw hasn’t made it to the database of the Community Emergency Response Team (CERT) either. This, however, does not mean that it is impossible to exploit this vulnerability. In fact, executing and manipulating this bug is easy.

Linux has neither made any official statements about this flaw nor issued a patch. However, since this is a flaw affecting the Linux Kernel Architecture, Alert Logic believes that Linux Kernel developers may be working to find a solution.

Until a patch becomes available, users can guard their machine against the Grinch by installing logging software that will flag off any unusual behavior in the system.

In addition, understanding the way your Linux system works is necessary to build up your security. A user should know how their Linux administrator is installing software and managing updates.