Short Bytes: A serious nine-year-old bug in Linux kernel has been recently revealed. Named Dirty COW, this flaw can help an attacker to gain write access to read-only memory. Linux kernel maintainers have released the patch and users are advised to install it as soon as possible.
Red Hat warns that it’s a race condition that was found in the way Linux kernel’s memory subsystem “handled the copy on write (COW) breakage of private read-only memory mapping”. This can allow an unauthorized local user to exploit the vulnerability and increase their privileges by gaining write access to read-only memory.
Talking to Ars Technica, Dan Rosenberg, a senior security researcher at Azimuth Security, said that it’s probably the most serious Linux local privileges escalation ever. Given the fact that the bug has been present for nine years, the situation becomes more troubling.
Dirty COW can be used against Web hosting providers that give shell access, allowing one customer to attack others. Combined with this bug, an SQL injection weakness can help the attacker achieve the root status.
In an email to Ars, Linux developer Phil Oester said that any user can become root in less than 5 seconds, very reliably. “The vulnerability is easiest exploited with local access to a system such as shell accounts,” he added.
Different anti-virus signatures are potent enough to detect Dirty COW. But due to the attack’s complexity, they can’t recognize the difference between legitimate use and attack easily.
Earlier this week, the Dirty COW bug was patched by the official Linux kernel maintainers. Different distributors are releasing updates with the fix and users are advised to install the patch as soon as possible.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.