Dirty COW – Slaying Linux privilege escalation bug

Dirty COW can potentially destroy your Linux system.

Hackers have made it a habit of exploiting serious vulnerabilities to hurt entities using certain operating systems.

One such vulnerability goes by the name of Dirty COW.

Various reports in the media have pointed out this new vulnerability is found in the Linux Kernel.

The vulnerability itself is not new.

It is actually nine-years-old.

Security researchers have found the vulnerability in almost all versions of the Linux operating system.

And hackers have continued to exploit the vulnerability in the wild for a long time as well.

What Is Dirty COW?

In short, it is a Linux kernel security flaw.

But it’s not really a dangerous ransomware or something.

Some might consider it more dangerous because it is a privilege-escalation vulnerability.

Why are security researchers taking it so seriously then?

Well, there are many reasons.

The chief among them is the fact that this vulnerability is very easy to exploit.

And pretty reliably too.

It is also dangerous because the Dirty COW security flaw exists in a very sensitive section of the operating system, known as the Linux kernel.

This section is present in almost all distros of the operating system.

As we all know Linux is an open source operating system.

But that hasn’t stopped security flaws such as Dirty COW from popping up here and there.

So let’s just make it clear in no uncertain terms:

All Linux distros have this security flaw.

We’re talking about distros such as,

  • Redhat
  • Ubuntu
  • And Debian

All of them are more than a decade old.

As mentioned before, the more worrying part is that security researchers now know that hackers have exploited the flaw in the wild since who knows when.

What Does Dirty Cow Do?

It basically enables hackers to have root access on a server.

Hackers can then take control of the entire system.

Phil Oester is the security researcher who detected the security hole.

He also found a race condition.

What race condition and in what?

He found it in how the memory subsystem in the Linux Kernel handled copy-on-write (COW) breakage of private read-only memory mappings.

As indicated earlier, hackers can exploit this to gain write access to read-only mappings.

And they could also take over the entire system if they wanted to.

Want more technical information?

Then visit the official vulnerability page.

You may also like this site.

The above-mentioned website is totally dedicated to the Dirty COW vulnerability.

The Dirty COW vulnerability also allows hackers to use any malicious app that is installed on the user’s machine to gain root level (administrative) access to the user’s device.

In fact, hackers can hijack the whole system within five seconds.

Earlier in the week, Linus Torvalds, a security researcher, said that he spotted the vulnerability about eleven years ago.

He also said that he tried to fix the issue but didn’t finish it and hence left it unpatched.

Why?

Because he thought hackers would find it very hard to trigger such a vulnerability with the technology available.

Why Do Security Researchers Call It Dirty COW?

As mentioned before, the Dirty COW name comes from the copy-on-write mechanism that is present in the Linux Kernel.

Security researchers have marked the Dirty COW bug as High priority.

The copy-on-write mechanism is so flawed that any malicious program or application can mess with root-owned, read-only executable files.

Hackers can also set up multiple ID executables.

The dedicated website mentioned above also pointed out that any unprivileged local user could gain write access to read-only memory mappings by using the Dirty COW flaw.

In the process, that user would also increase his/her system privileges.

When Did Dirty COW Come Into Being?

Linux version 2.6.22, which came out in 2007, is the first Linux Kernel in which security researchers found the Dirty COW vulnerability.

Researchers also believe that the same Dirty COW vulnerability could possibly reside in Android as well.

Most of us know that the mobile Android operating system is powered via the Linux kernel.

So How Many Machines Does Dirty COW Affect?

Rough estimates say hundreds of thousands.

But millions are not out of the question.

A million Linux-based computer machines have the Dirty COW vulnerability.

So who should worry about Dirty COW?

If you are not using the absolute latest version of the Linux kernel then you are at risk of having the Dirty COW security flaw.

Some think that it matters little if you are running the latest Linux Kernel version or not.

Why?

Because some vendors have still not patched their Linux kernels.

They might have patched up their kernels against other more popular vulnerabilities but not Dirty COW.

Hack Your Own System To Test If You Are At Risk

You read that right.

You can test your system for Dirty COW.

To do that just hack your system.

Visit the GitHub page here and then use the provided PoCs to test your system.

Reports say that many Linux distro versions are at risk.

Mostly, though, if you are using an older version of the following Linux distros then you are somewhat exposed:

  • Red Hat
  • CentOS
  • Debian
  • Ubuntu
  • SUSE
  • OpenWrt

The Most Crucial Thing At This Juncture? Patch Management.

Without patch management, there is no hope for any organization.

Size doesn’t really matter here.

New reports in the media say that respective engineers have patched the Linux Kernel.

So all major Linux vendors have rolled out relevant fixes for each of their Linux distros.

Security researchers have already warned individuals along with organizations that they should install the released patches for their Linux systems along with,

  • Smartphones
  • Other gadgets

as soon as possible.

Otherwise, the risk of becoming a victim is high.

Why?

Because Dirty COW can cause some serious damage with its ability to gain kernel-level permissions.

Most of all, since it affects almost all Linux distros, anyone who uses a Linux system is at risk.

How To Protect Yourself Against Dirty COW?

As it turns out, it is rather easy for anyone to protect himself or herself or even itself against Dirty COW.

Here is the solution:

Update.

Perform a simple update on your Linux system.

And keep it updated to the latest version from now on.

And that’s it.

But keep in mind that the update alone is not enough: you still need to reboot your computer after the update to stay safe from Dirty COW.

So which commands should you use to update your distro?

Well, use these ones:

Go to the terminal and type:

$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

And for a RHEL system, do this:

$ sudo yum update

$ sudo reboot

If you are using CentOS then you have a problem.

CentOS doesn’t have an official update for Dirty COW.

But worry not.

Just go to this page and follow the instructions.

After that reboot your computer.

Then ensure that your Linux computer is running the latest version of the OS.

Use the following commands to confirm the update:

$ uname -a

$ uname -r

and after that write the following in your terminal:

$ uname -mrs
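
The uname output only shows the kernel that is currently running, so it cannot tell you on its own that a patched kernel is already installed but waiting for a reboot. The script below is an added example, not part of the original article: it compares the running release with the newest directory under /lib/modules, assuming Debian/Ubuntu-style release strings; the function names are illustrative and it is not written for RPM-style release strings.

```bash
#!/usr/bin/env bash
# Added example: detect "patched on disk, still running the old kernel".
# Assumes Debian/Ubuntu-style release strings (e.g. 4.4.0-45-generic)
# and one directory per installed kernel under /lib/modules.

# Print the newest kernel release found as a directory name under $1.
newest_installed_kernel() {
    local dir="${1:-/lib/modules}"
    [ -d "$dir" ] || return 1
    ls -1 "$dir" | sort -V | tail -n 1
}

# Exit status: 0 = reboot pending (running kernel $1 is older than the
# newest one installed under $2), 1 = nothing newer installed,
# 2 = could not tell (no kernel directories found).
reboot_pending() {
    local running="$1" newest oldest
    newest="$(newest_installed_kernel "$2")" || return 2
    [ -n "$newest" ] || return 2
    if [ "$running" = "$newest" ]; then
        return 1
    fi
    # sort -V lists the older of the two releases first.
    oldest="$(printf '%s\n%s\n' "$running" "$newest" | sort -V | head -n 1)"
    [ "$oldest" = "$running" ]
}

# Report for the machine this runs on.
rc=0
reboot_pending "$(uname -r)" /lib/modules || rc=$?
case "$rc" in
    0) echo "Reboot pending: running $(uname -r), but a newer kernel is installed" ;;
    1) echo "Running kernel $(uname -r): nothing newer installed" ;;
    *) echo "Could not list installed kernels under /lib/modules" ;;
esac
```

A "reboot pending" result means the update has been installed but the machine is still running the older kernel.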
