Dirty COW Linux Kernel Flaw Gives Attackers Full Access In 5 Seconds

dirty COW
Whether you use Linux at home or manage a Linux server, you'll want to waste no time in making sure your OS is completely up-to-date. An exploit called "Dirty COW" has now been revealed, and while it's not the most dangerous one ever released, the fact that it's been around for nine years is causing some serious alarm throughout the Linux community.

If not for the fact that Linux developer Phil Oester was impacted by this exploit, we might still not even know about it. With his own servers, Oester has been capturing all incoming traffic so as to spot issues easier, this one included. While the binary found on his server was compiled in the summer of 2015, there's no reason to believe that this bug had been unknown about by some malicious user long before then.


Dirty COW might sound like an awfully bizarre name for an exploit, but it's named as such because the Linux function it affects is "copy-on-write". COW happens when more than one system call references the same data; to optimize the amount of space that data uses, pointers are used (like with data deduplication). If one call needs to modify the data, that's when the data is copied entirely.

Dirty COW Fix
Dirty COW's fix via two updated source code files

The upside to this exploit is that it's not a remote execution one, but that doesn't mean there's minimized risk. As a privilege escalation exploit, code execution could happen after this bug is exploited. Imagine, for example, if someone gains access to a system via SQL injection, but lands as a normal user. With this exploit, the equivalent of root access could be gained, at which point the OS is at the mercy of its attacker.

Another upside to this exploit is that if you update your OS right now, there's an overwhelming chance that the bug will be squashed. If you're running an obscure version of Linux, be sure to do your research and make sure that the bug is no longer an issue for you after updating. Some have called this one of the worst cases of privilege escalation ever - so updating right away is imperative.


Via:  V3
Show comments blog comments powered by Disqus