Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

dirty-cow-linux-kernel-exploit
A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild.

Dubbed "Dirty COW," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons.

First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade.

And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild.

Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it.

Why is the Flaw called Dirty COW?


The bug, marked as "High" priority, gets its name from the copy-on-write (COW) mechanism in the Linux kernel, which is so broken that any application or malicious program can tamper with read-only root-owned executable files and setuid executables.
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings," reads the website dedicated to Dirty COW. 
"An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
The Dirty COW vulnerability has been present in the Linux kernel since version 2.6.22 in 2007, and is also believed to be present in Android, which is powered by the Linux kernel.

Patch Your Linux-powered Systems Immediately


According to the website, the Linux kernel has been patched, and major vendors such as RedHatUbuntu and Debian have already rolled out fixes for their respective Linux distributions.

Organizations and individuals have been urged to install a patch for their Linux-powered systems, phones and gadgets as soon as possible and risk falling victim in order to kill off the Linux kernel-level security flaw affecting nearly every distro of the open-source OS.

The vulnerability was discovered by security researcher Phil Oester, who fund at least one in-the-wild attack exploiting this particular vulnerability. He found the exploit using an HTTP packet capture.

The vulnerability disclosure followed the tradition of branding high-profile security vulnerabilities like HeartbleedPoodleFREAK, and GHOST.

The Dirty COW website states:
"It would have been fantastic to eschew this ridiculousness because we all make fun of branded vulnerabilities too, but this was not the right time to make that stand. So we created a website, an online shop, a Twitter account, and used a logo that a professional designer created."

Comments

Post a Comment

Popular posts from this blog

Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

Image
All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. What's interesting about Cloak and Dagger attack? The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device. Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity. Cloak and Dagger attacks utilise two basic Android permissions: SYSTEM_ALERT_WINDOW ("draw on top") BIND
Read more

Smart TVs Can Be Hacked Remotely Using Broadcasting Signals

Image
Smart TVs Can Be Hacked Remotely Using Broadcasting Signals The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like  Mirai  – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. N ow, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber s
Read more

Google Adds New Scanner Behavior-Based Malware To Every Android Device

Image
Google Adds New Scanner  Behavior-Based Malware To Every Android Device In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called  Google Play Protect . Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious apps, which have always been albatross around the tech giant's neck. Since Google Play Protect actually comes with the Google Play Store, users do not need to install or activate this security feature separately. Google Play Protect for Android devices consists: App scanning Anti-Theft Measures Browser Protection Play Protect's App Scanning Feature Google Play Protect is an always-on service on devices which said to scan 50 billion apps each day across a billion Android devices to ensure they are safe. Google already has a number of security measures in place to help keep your smartphones safe, including Verify Apps
Read more