Dirty-COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel
This is very important to know about Kernel Local Privilege Escalation called Dirty-COW – (CVE-2016-5195) and every Linux system is recommended to update the kernel version to avoid the Dirty-COW (CVE-2016-5195) vulnerability attack. Following the below information is very useful to know about the Dirty-COW and what’s the serious problem happening over the internet.
In this week, we have seen the serious DDoS attacks against DNS provider Dyn and so many major sites are under DDoS attack. This attack has increasing the count on Linux-run IoT device. It is the Massive largest distributed denial-of-service (DDoS) attack that has down more than 1200 websites including the major sites like Twitter, Netflix, PayPal and more. The attack over round the computers server Dynamic Network is also known as Dyn which plays the crucial role in connecting the websites all over the world. The Hackers launched the cyber-attack to the internet connected all devices with IoT attack. Now the same attack continuing with Dirty-COW vulnerability on Linux and Android devices.
Linus Torvalds about this Dirty-COW : Click Here
In this month (National Vulnerability Database) NVD’s listed almost 500 bugs including Dirty Cow vulnerability(CVE–2016–5195). This bug allows a hacker to access root privileges on the Linux Kernel. As per Red hat Linux official bugfix statement, the Dirty COW has infected the Linux Kernel since 2.6.18-8.1.1.el5 (RHEL5) and above versions. this is very easy way to exploit and gain the root privileges.
Below is the kernel version list affected with Dirty-COW
• 4.8.0-26.28 for Ubuntu 16.10
• 4.4.0-45.66 for Ubuntu 16.04 LTS
• 3.13.0-100.147 for Ubuntu 14.04 LTS
• 3.2.0-113.155 for Ubuntu 12.04 LTS
• 3.16.36-1+deb8u2 for Debian 8
• 3.2.82-1 for Debian 7
• 4.7.8-1 for Debian unstable
A patch for the Linux kernel was developed, and major vendors including Red Hat, Debian, Ubuntu, and Cloud Linux have already released fixes for their respective Linux flavors.
Let us discuss the Dirty-COW Vulnerability.
From the years, we have been strongly trusting that Linux is one of the powerful operating systems so far designed and does not have any issues related to the security breach of the code. However, the fact is that this popular system is well affected with a ‘BUG’.
So what is it all about? Let me walk through this and also you can go through from Source link
This Bug is called ‘Dirty-COW’. It is an error situation prevailed at the Linux kernel’s memory mapping system where it breaks the private memory mappings of read-only. Private mapping means when a resource is allocated by a process, we see if there are any memory leaks as none of the other processes are supposed to access this resource. In short memory mapping, breakage means modifying the original contents of a data blocks instead of writing it in a newly allocated resource in a tricky way.
But Dirty-COW does some memory leaks and this flaw makes the root user to become numb, and whatever restrictions he imposes on a file does not affect and allowing any normal user to access the file without restrictions and imposing their own read and write permissions. In one shot we can say that this bug allows a hacker to access root privileges on the Linux Kernel.
In the term Dirty-COW, COW refers the technology Copy-on-Write and has its own source of information which you can find it in Google. But Linux is making an approach as Change on Write to do some modifications to the memory objects.
This bug was existing for past 9 years and in fact affecting all the latest Linux versions and distributions, even the Android application as well. However, it was undiscovered and was not given much importance to it as it was less affecting to the daily routine of the Systems.
But now it has become a serious vulnerability and started questioning the integrity of the entire Linux community over its security issues.
Now the Hackers are seriously exploiting and have been making some vigorous DDOS Attacks. Now Red-Hat has released few solutions on how to fix this bug, but it appears to be a temporary remedy. In the National Vulnerability Database, we maintain a list of Common Vulnerabilities and Exposures (in short CVE) with an ID. As it is updated a fix for this issue. An ID number is created in the database for this bug and referenced as CVE-2016-5195.
Redhat vulnerability bug fixes solution link : https://access.redhat.com/security/vulnerabilities/2706661
Conclusion: This bug if not curbed at this stage, may cost lots of damage to the Linux environment. However, RedHat, CloudLinux, Ubuntu, OpenSuse and other Linux distro’s has partially come up with a fixation. In the next article, we will see how this bug has been fixed.