DirtyCOW rises to exploit Linux based Systems Again

Outreaching to the computer environment, again, an 11-year-old Linux bug is likely to preach and exploit user privileges on Linux based systems.

DirtyCow is a privilege escalation vulnerability in the Linux Kernel. According to Redhat “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

Officially designated “CVE-2016-5195”, the vulnerability was discovered by security researcher Phil Oester. He found in one of his testings that on an affected system, root access can be gained in less than 5 seconds.

The advisory at DirtyCOW about blocking or detecting this attack on your system mentions, “Although the attack can happen in different layers, antivirus signatures that detect Dirty COW could be developed. Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary. This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

Since the bug is present in Kernel, it is safe to assume that it is present in every Linux based system or device out there. A patch to the bug was issued by Linus Torvalds, the creator of Linux Kernel but it was neglected by the majority of consecutive releases. He says that the bug was possible “theoretically”, but the advancements in the virtualization and virtual machines over the years made the execution possible.

In order to stay safe of this vulnerability, kindly update your kernel according to the Linux clan that you are currently using.