Educause Security Discussion mailing list archives
Re: Linux Grinch attack
From: Colleen Blaho <cblaho () SAS UPENN EDU>
Date: Wed, 17 Dec 2014 10:32:59 -0500
I read the disclosure announcement last night. The 65% statistic just seems like an attention grab and scare-mongering.

You need the following at minimum to exploit this:

* access to a local user account in the wheel group (a sudo user)
* PackageKit needs to be installed
* A package in the repos that PackageKit provides must have a security vulnerability
* That package needs to be installed as part of the exploit and exploited.

PackageKit dev Richard Hughes released this update to Polkit Fri Jul 26 2013:

"- Local active users in the wheel group can install signed packages w/o a password"

so it looks like this is an intentional feature.

So if you secure your wheel group users and don't have PKcon installed, this attack is useless. My workstation (Fedora 19) doesn't have PKcon installed.

I am unimpressed :) Then again, I wasn't very impressed in the early stages of Drupalgeddon -- "Arrays and SQLi? What are you going to do with that? Unimpressive." We all know how that turned out...

On 12/17/2014 10:03 AM, Lisciotti, Kevin wrote:
> Has anyone picked up on this Grinch attack that was announced yesterday?
> http://www.scmagazine.com/impact-of-linux-bug-grinch-spans-servers-workstations-android-devices-and-more/article/388689/

--
Colleen Blaho
Information Security and Unix Services
University of Pennsylvania School of Arts and Sciences
3600 Market St. Suite 501
Philadelphia, PA 19104
Need to verify my public key? <https://pgp.mit.edu/pks/lookup?op=get&search=0x6BA5B98CF9577D6B>
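An added example, not part of the original message: a host audit for the two local preconditions the message names, a non-empty wheel group and an installed pkcon client. The function names are hypothetical, and the file and search-path arguments exist so the checks can be run against constructed inputs instead of the live /etc/group, /etc/passwd and PATH.

```shell
#!/bin/sh
# Added example: audit the two local preconditions named in the message.
# All function names are hypothetical; the arguments default to the live system.

# Print every account in the wheel group, one per line, sorted and unique.
# Covers supplementary members (field 4 of the group file) and accounts
# whose primary GID (field 4 of the passwd file) is wheel's GID.
wheel_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "wheel" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0          # no wheel group on this host
    {
        awk -F: '$1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Succeed if the pkcon client is found in the given search path.
pkcon_present() {
    search_path=${1:-$PATH}
    ( PATH=$search_path; command -v pkcon >/dev/null 2>&1 )
}

# Report which of the two preconditions hold.
check_preconditions() {
    members=$(wheel_members "$1" "$2")
    if [ -n "$members" ] && pkcon_present "$3"; then
        echo "both-present"
    elif [ -n "$members" ]; then
        echo "wheel-only"
    elif pkcon_present "$3"; then
        echo "pkcon-only"
    else
        echo "neither"
    fi
}

# Audit the local host when run without arguments.
check_preconditions "$@"
```

A result of "both-present" means only that these two conditions hold; the other conditions in the list above are not checked.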