Bug Experts Label “Dirty Cow” The Most Dangerous Linux Privilege-escalation Bug Ever
Red Hat announced to the world that a Linux kernel security flaw, dubbed Dirty COW, is being exploited right this moment. Red Hat has classified the bug with ‘high’ severity and it has been a vulnerability hiding in the Linux kernel for the past 9 years and they advise users to install a patch to fix it immediately.
Red Hat, speaking with regards to the bug, said it was found in the way Linux kernel’s memory subsystem “handled the copy on write (COW) breakage of private read-only memory mapping”. An unauthorized local user can exploit this vulnerability to increase their privileges by gaining write access to read-only memory.
In a conversation with Ars Technica, the senior security researcher at Azimuth Security, Dan Rosenberg, called the bug probably the most serious Linux local privileges escalation ever. The fact that the bug has been in existence for the past nine years makes the situation more troubling.
The Dirty COW bug can be used against Web hosting providers that give shell access and then allow one customer to attack others. An SQL injection weakness can be combined with this bug to help the attacker achieve the root status.
Linux developer, Phil Oester, in an email to Ars, said that any user can become root within 5 seconds – adding that “The vulnerability is easiest exploited with local access to a system such as shell accounts”.
It is not that anti-virus signatures are not potent enough to detect Dirty COW but the attack is so complex that they cannot differentiate between legitimate use from attacks.
The Dirty COW bug was patched by the official Linux kernel maintainers earlier this week and as different distributors are releasing updates with the fix, users are advised to install the patch as soon as possible, and that includes you.