Categories: CVE/vulnerability

Serious Linux vulnerabilities “Dirty COW” is a privilege escalation vulnerability in the Linux Kernel – Linux users urged to protect

Recently ,there have been some serious vulnerabilities found in various Linux systems. Whilst OS vulnerabilities are a common occurrence.

The ‘Dirty Cow’ bug was originally introduced nine years ago, and has been sitting unnoticed for much of that time.Officially called CVE–2016–5195 – was originally introduced to the kernel nine years ago, and has been sitting unnoticed for much of that time

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones

According to Phil Oester, the researcher who found the bug, an exploit taking advantage of Dirty Cow has already been found in the wild.

But the research team warn that while Dirty Cow is serious, it shouldn’t distract from the more workaday bugs, which are found regularly. “All the boring normal bugs are way more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more ‘special’ than a random spectacular crash due to bad locking.”

As Per the ESET Report , ” the bug known as Dirty Cow (CVE-2016-5195) found in October – named as such since it exploits a mechanism called “copy-on-write” and falls within the class of vulnerabilities known as privilege escalation. This would allow an attacker to effectively take control of the system “

Why is it called the Dirty COW bug?

As per the  Dirtycow.ninja , “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

How can Linux be fixed?

Even though the actual code fix may appear trivial, the Linux team is the expert in fixing it properly so the fixed version or newer should be used. If this is not possible software developers can recompile Linux with the fix applied.

Dirty COW With Red Hat

According to the Red Hat , A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW)breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Dirty COW With Debian

As per the Debian Description, Debian Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”

Ubuntu and  SUSE also released a patch  for  “Dirty COW” Explained the vulnerability in their Security source .

Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW’.

CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously.

For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade.

What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

Privilege escalation:

  • If the boot partition is not encrypted
  • It can be used to store an executable file with the bit “SetUID” enabled. Which can later be used to escalate privileges by a local user.
  • If the boot is not secured, then it would be possible to replace the kernel image.
Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

12 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

12 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

15 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

18 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

19 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

20 hours ago