“Dirty COW” Is The Most Dangerous Linux Privilege-escalation Bug Ever, Experts Say


dirty-cow-linux-bugShort Bytes: A serious nine-year-old bug in Linux kernel has been recently revealed. Named Dirty COW, this flaw can help an attacker to gain write access to read-only memory. Linux kernel maintainers have released the patch and users are advised to install it as soon as possible. 

Open source software leader Red Hat has told the world that a Linux kernel security flaw, dubbed Dirty COW, is being exploited in the wild. Red Hat has classified the bug with ‘high’ severity. This vulnerability has been hiding in the Linux kernel for past 9 years and the users need to install a patch as soon as possible.

Red Hat warns that it’s a race condition that was found in the way Linux kernel’s memory subsystem “handled the copy on write (COW) breakage of private read-only memory mapping”. This can allow an unauthorized local user to exploit the vulnerability and increase their privileges by gaining write access to read-only memory.

Talking to Ars Technica, Dan Rosenberg, a senior security researcher at Azimuth Security, said that it’s probably the most serious Linux local privileges escalation ever. Given the fact that the bug has been present for nine years, the situation becomes more troubling.

Dirty COW can be used against Web hosting providers that give shell access, allowing one customer to attack others. Combined with this bug, an SQL injection weakness can help the attacker achieve the root status.

In an email to Ars, Linux developer Phil Oester said that any user can become root in less than 5 seconds, very reliably. “The vulnerability is easiest exploited with local access to a system such as shell accounts,” he added.

Different anti-virus signatures are potent enough to detect Dirty COW. But due to the attack’s complexity, they can’t recognize the difference between legitimate use and attack easily.

Earlier this week, the Dirty COW bug was patched by the official Linux kernel maintainers. Different distributors are releasing updates with the fix and users are advised to install the patch as soon as possible.

Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.

Also Read: Symantec Shows How A $15 Device Can Be Used To Hack The U.S. Presidential Election

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job