Categories: CVE/vulnerability

Serious Linux vulnerabilities “Dirty COW” is a privilege escalation vulnerability in the Linux Kernel – Linux users urged to protect

Recently ,there have been some serious vulnerabilities found in various Linux systems. Whilst OS vulnerabilities are a common occurrence.

The ‘Dirty Cow’ bug was originally introduced nine years ago, and has been sitting unnoticed for much of that time.Officially called CVE–2016–5195 – was originally introduced to the kernel nine years ago, and has been sitting unnoticed for much of that time

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones

According to Phil Oester, the researcher who found the bug, an exploit taking advantage of Dirty Cow has already been found in the wild.

But the research team warn that while Dirty Cow is serious, it shouldn’t distract from the more workaday bugs, which are found regularly. “All the boring normal bugs are way more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more ‘special’ than a random spectacular crash due to bad locking.”

As Per the ESET Report , ” the bug known as Dirty Cow (CVE-2016-5195) found in October – named as such since it exploits a mechanism called “copy-on-write” and falls within the class of vulnerabilities known as privilege escalation. This would allow an attacker to effectively take control of the system “

Why is it called the Dirty COW bug?

As per the  Dirtycow.ninja , “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

How can Linux be fixed?

Even though the actual code fix may appear trivial, the Linux team is the expert in fixing it properly so the fixed version or newer should be used. If this is not possible software developers can recompile Linux with the fix applied.

Dirty COW With Red Hat

According to the Red Hat , A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW)breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Dirty COW With Debian

As per the Debian Description, Debian Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”

Ubuntu and  SUSE also released a patch  for  “Dirty COW” Explained the vulnerability in their Security source .

Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW’.

CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously.

For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade.

What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

Privilege escalation:

  • If the boot partition is not encrypted
  • It can be used to store an executable file with the bit “SetUID” enabled. Which can later be used to escalate privileges by a local user.
  • If the boot is not secured, then it would be possible to replace the kernel image.
Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…

3 minutes ago

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s Black…

13 minutes ago

“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals and…

21 minutes ago

Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs (Uniform…

30 minutes ago

VMware Tools Vulnerability Allows Attackers to Modify Files and Launch Malicious Operations

Broadcom-owned VMware has released security patches addressing a moderate severity insecure file handling vulnerability in…

2 hours ago

Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules,…

5 hours ago