Friday, November 1, 2024

Serious Linux vulnerabilities “Dirty COW” is a privilege escalation vulnerability in the Linux Kernel – Linux users urged to protect


Recently, serious vulnerabilities have been found in various Linux systems. While OS vulnerabilities are a common occurrence, this one deserves particular attention.

The ‘Dirty COW’ bug, officially catalogued as CVE-2016-5195, was originally introduced into the kernel nine years ago and has been sitting unnoticed for much of that time.

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones.


According to Phil Oester, the researcher who found the bug, an exploit taking advantage of Dirty Cow has already been found in the wild.

But the research team warn that while Dirty Cow is serious, it shouldn’t distract from the more workaday bugs, which are found regularly. “All the boring normal bugs are way more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more ‘special’ than a random spectacular crash due to bad locking.”

 

As per the ESET report, “the bug known as Dirty Cow (CVE-2016-5195), found in October, is named as such since it exploits a mechanism called ‘copy-on-write’ and falls within the class of vulnerabilities known as privilege escalation. This would allow an attacker to effectively take control of the system.”

Why is it called the Dirty COW bug?

As per Dirtycow.ninja, “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

How can Linux be fixed?

Even though the actual code fix appears trivial, the kernel developers are the ones who know how to fix it properly, so the fixed kernel version (or newer) should be used. If that is not possible, software developers can recompile the kernel with the fix applied. Note that on distribution kernels the package changelog, not the upstream version number, tells you whether the fix has been backported.

Dirty COW With Red Hat

According to Red Hat, a race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Dirty COW With Debian

As per the Debian description: “Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka ‘Dirty COW.’”

Ubuntu and SUSE have also released patches for “Dirty COW” and explained the vulnerability in their security advisories.
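A quick triage script for the advice above, added here as an example and not part of the original article or of any distribution’s tooling: it compares a kernel version string (normally the output of `uname -r`) against the upstream stable releases that carry the fix. The article cites 4.8.3; 4.7.9 and 4.4.26, the other stable releases published with the fix, are assumed here, and longterm series that received backports later are deliberately reported as unknown rather than guessed. Distribution kernels such as Ubuntu’s 4.4.0-45-generic are reported as inconclusive, because distributions backport fixes without changing the upstream version number, so for those the package changelog is the real check. Function names are the author’s own choice.

```shell
#!/bin/sh
# Added example, not from the original article or any distribution's tooling:
# triage a kernel version string against the upstream Dirty COW fix.
#
# Assumed fixed upstream stable releases for CVE-2016-5195: 4.8.3 (cited in
# the article), 4.7.9 and 4.4.26. Other longterm series received backports
# later and are reported as "unknown" rather than guessed.

# fixed_version_for SERIES  -> prints the first fixed upstream release of a
# major.minor series from the table above; fails if the series is not listed.
fixed_version_for() {
    case "$1" in
        4.8) echo 4.8.3 ;;
        4.7) echo 4.7.9 ;;
        4.4) echo 4.4.26 ;;
        *)   return 1 ;;
    esac
}

# version_lt A B  -> true if A sorts strictly before B (uses GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# dirtycow_triage UNAME_R  -> prints exactly one of:
#   fixed         4.9 or later, or an upstream kernel at/after its fixed release
#   vulnerable    an upstream kernel older than the fixed release of its series
#   inconclusive  a distribution kernel ("4.4.0-45-generic"): distributions
#                 backport fixes without bumping the upstream version, so the
#                 package changelog, not this number, decides
#   unknown       a series the table above does not cover
dirtycow_triage() {
    running=$1
    base=${running%%-*}                               # "4.4.0-45-generic" -> "4.4.0"
    series=$(printf '%s\n' "$base" | cut -d. -f1,2)   # "4.4.0" -> "4.4"

    # The fix is in mainline from 4.9 onward, distribution kernel or not.
    if version_lt 4.8 "$series"; then
        echo fixed
        return 0
    fi
    fixed=$(fixed_version_for "$series") || { echo unknown; return 0; }
    case "$running" in
        *-*) echo inconclusive; return 0 ;;
    esac
    if version_lt "$base" "$fixed"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Report on the running kernel when the script is executed directly.
running_kernel=$(uname -r)
printf '%s: %s\n' "$running_kernel" "$(dirtycow_triage "$running_kernel")"
```

Run it on the host with a plain `sh`; a verdict of `inconclusive` or `unknown` is an instruction to open the kernel package’s changelog (for example `apt changelog linux-image-$(uname -r)` on Debian-based systems or `rpm -q --changelog kernel` on Red Hat-based ones) and look for CVE-2016-5195, not a reason to assume the host is safe.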

Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW’.

Although CVE-2016-5195, as the bug is cataloged, amounts to a local privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously.

For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade.

What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

Privilege escalation:

  • If the boot partition is not encrypted, it can be used to store an executable file with the SetUID bit enabled, which a local user can later run to escalate privileges.
  • If the boot process is not secured, it would be possible to replace the kernel image.
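As an added example (not from the original article) of the check behind the first bullet: a shell function that lists setuid/setgid files under a given tree, so that an executable planted on an unencrypted boot partition, or anywhere else, shows up in a before/after comparison. The function names and the directories scanned at the end are the author’s own choices; the authoritative baseline for which files should carry those bits is the package manager’s file list, not this script.

```shell
#!/bin/sh
# Added example, not from the original article: list files carrying the
# setuid or setgid bit under a directory tree, so an executable planted on an
# unencrypted boot partition (or anywhere else) shows up in a before/after
# comparison. Anything the package manager did not install with those bits
# deserves a look; the directories scanned at the bottom are illustrative.

# find_setuid ROOT  -> prints every regular file under ROOT with the setuid
# or setgid bit set, one per line, sorted. -xdev keeps find on one filesystem
# (so /boot is scanned without wandering into /), and errors from directories
# the caller may not read are silenced so it is usable as a non-root user.
find_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# count_setuid ROOT  -> number of such files; useful as a cron-style
# before/after check ("why did /boot go from 0 to 1?").
count_setuid() {
    find_setuid "$1" | wc -l | tr -d ' '
}

# Illustrative run: neither location should normally carry any setuid file.
for dir in /boot /tmp; do
    [ -d "$dir" ] && printf '%s: %s setuid/setgid file(s)\n' "$dir" "$(count_setuid "$dir")"
done
```

Saving `find_setuid /` output to a file on a freshly built host and diffing against it later is the cheap version of this check; the list is normally short and stable, so any new entry is worth explaining.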
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
