DirtyCOW rises to exploit Linux based Systems Again

Outreaching to the computer environment, again, an 11-year-old Linux bug is likely to preach and exploit user privileges on Linux based systems.

DirtyCow is a privilege escalation vulnerability in the Linux Kernel. According to Redhat “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

Officially designated “CVE-2016-5195”, the vulnerability was discovered by security researcher Phil Oester. He found in one of his testings that on an affected system, root access can be gained in less than 5 seconds.

The advisory at DirtyCOW about blocking or detecting this attack on your system mentions, “Although the attack can happen in different layers, antivirus signatures that detect Dirty COW could be developed. Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary. This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

Since the bug is present in Kernel, it is safe to assume that it is present in every Linux based system or device out there. A patch to the bug was issued by Linus Torvalds, the creator of Linux Kernel but it was neglected by the majority of consecutive releases. He says that the bug was possible “theoretically”, but the advancements in the virtualization and virtual machines over the years made the execution possible.

In order to stay safe of this vulnerability, kindly update your kernel according to the Linux clan that you are currently using.

2 thoughts on “DirtyCOW rises to exploit Linux based Systems Again”

  1. Sir,
    This bug is related to the paging system, and that the system does not nil out new pages. As Linus Torvald says, it is a theoretical possibility, and then the memory exposed is 1 memory page : 512 bytes.
    This is not Windows, and the next page is another page and pages are not contiguous in memory,
    The biggest problem is hearsay spread. if you cannot find a bigger bug to write about, take a walk and report about the farts and their impact on society. Methane is a very lethal gas with a huge environmental impact, and that is a danger – not this. What if everyone in New York let go of a fart at the same time – would blow a huge hole above the Trump Tower, and with all that Chinese steel – it would collapse.

    Reply
    • Sir, this post is a news with minimal information to make it educative. Thank you for your advice, though. I will surely keep this in mind.

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.