Grinch Vulnerability Could Put a Hole In Your Linux Stocking

itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.

Re:Grinch is not a flaw - has no CVE!!!

As soon as I heard this, I changed my password to all control characters: ^H^U^H^U^W^U^W^U

Re:Grinch is not a flaw - has no CVE!!!

[meta-monkey]

OMG I discovered a critical security flaw in Linux, guise! If someone has your root password and is sitting at your desk, then with just a few simple keystrokes they can have total access to your system! They can read all your shit, delete your files, anything! Haxx0rs!! It's proven, Linux is unsafe and we should all go run windows instead.