Linux has a new animal to manage now, and it’s not nearly as cute as its mascot, Tux the penguin.
To Linux, the words “Dirty Cow” mean more than a dusty bovine: it’s the name of their latest issue. It seems any outdated operating system may be compromised in only seconds.
An error was found in the way the kernel’s memory system dealt with copy-on-write (COW) breakage of read-only mappings. The bug, categorized as CVE-2016-5195, is assessed as a privilege-escalation vulnerability. Privilege escalation, in layman’s terms, happens when a user acquires the system rights/privileges of another user without authorization.
Linux developer Phil Oester discovered the vulnerability. After nine hours, Ars Technica published an article regarding the bug. Oester replied with the following email:
Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.
The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.
The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, although this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.
For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.
Linux operating systems don’t follow the Windows user account policy. Rather than administrator accounts and limited accounts, there’s a root user, pseudo-users, and traditional users. The root account is the default account that comes with a freshly installed UNIX operating system; it has access to every single command and file in the Linux file system. A pseudo-user has the ability to execute programs with the privileges of other users, most commonly root. A normal user has access only to whatever commands and files in the file system have been granted.
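The three account tiers described above can be audited from the contents of /etc/passwd and /etc/group. The following is an added example, not code from the original article; the function names, the SUDO_GROUPS set (sudo and wheel, a common distribution default) and the sample data are assumptions constructed for illustration.

```python
# Assumption: membership of these groups grants sudo rights (a common distro
# default); the authoritative policy is /etc/sudoers.
SUDO_GROUPS = {"sudo", "wheel"}

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
alice:x:1000:
"""

def parse_passwd(text):
    """Return {name: (uid, gid)}, skipping blank or malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit() and fields[3].isdigit():
            accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def sudo_members(group_text, accounts):
    """Users in a SUDO_GROUPS group, by member list or by primary GID."""
    members = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in SUDO_GROUPS and fields[2].isdigit():
            members.update(m for m in fields[3].split(",") if m)
            members.update(n for n, (_, g) in accounts.items() if g == int(fields[2]))
    return members

def classify(passwd_text, group_text):
    """Return (tiers, extra_root): accounts per tier, plus UID 0 names other than root."""
    accounts = parse_passwd(passwd_text)
    sudoers = sudo_members(group_text, accounts)
    tiers = {"root": [], "sudo": [], "normal": []}
    for name, (uid, _) in accounts.items():
        tier = "root" if uid == 0 else "sudo" if name in sudoers else "normal"
        tiers[tier].append(name)
    return tiers, [n for n in tiers["root"] if n != "root"]

if __name__ == "__main__":
    print(classify(SAMPLE_PASSWD, SAMPLE_GROUP))
```

To audit a real host, pass in the contents of /etc/passwd and /etc/group; sudo rights granted directly in /etc/sudoers are not covered by this check.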
The most unsatisfactory part of the entire incident is that the average lifetime of a Linux bug is about five years. With only a handful of contributors to the open-source project that is Linux, patching bugs continually proves to be quite the challenge.
The safest thing for users to do? Assume that they’re vulnerable and patch the system as quickly as possible. Linux has already worked on patches for the issue.