Dirty COW (CVE-2016-5195)

What is Dirty COW?

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
In simple terms, it's a privilege escalation vulnerability in the Linux kernel.
The bug has existed since around 2.6.22 (released in 2007) and was only fixed on Oct 18, 2016.

Impacts of Dirty COW

This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

COW attacks are somewhat hard to detect: because of the attack's complexity, it is not easy to differentiate legitimate use from an attack.
For more information, visit https://dirtycow.ninja/ and https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Exploits: https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
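Because the flaw lets on-disk binaries be modified despite their permissions, a defender can baseline content hashes instead of trusting permissions or timestamps. The sketch below is an added example, not part of the original post: the function names and the temporary sample files are constructed for illustration, and it assumes that such a modification need not change a file's size, mode, owner or mtime.

```python
import hashlib
import os
import tempfile

META = ("mtime_ns", "size", "mode", "uid")

def snapshot(paths):
    """Record a SHA-256 of the content plus basic metadata for each existing file."""
    snap = {}
    for path in paths:
        try:
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            continue  # reported as "missing" by compare()
        snap[path] = {"sha256": digest, "mtime_ns": st.st_mtime_ns,
                      "size": st.st_size, "mode": st.st_mode, "uid": st.st_uid}
    return snap

def compare(baseline, current):
    """Return {path: finding} for every baselined file that is gone or altered."""
    findings = {}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings[path] = "missing"
        elif new["sha256"] != old["sha256"]:
            quiet = all(new[k] == old[k] for k in META)
            findings[path] = "content changed, metadata unchanged" if quiet else "content changed"
    return findings

def demo():
    """Constructed sample: temp files stand in for read-only system binaries."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("tool_a", "tool_b", "tool_c")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original-bytes")
            os.chmod(p, 0o444)
        baseline = snapshot(paths)
        a, b, c = paths
        os.chmod(a, 0o644)  # stand-in for a write that ignores permissions
        with open(a, "wb") as fh:
            fh.write(b"tampered-bytes")  # same length as the original
        os.chmod(a, 0o444)
        os.utime(a, ns=(baseline[a]["mtime_ns"],) * 2)  # timestamps as before
        os.remove(c)
        found = compare(baseline, snapshot(paths))
        return {os.path.basename(p): f for p, f in found.items()}
```

In practice the baseline would be taken from a known-good state and stored off the host, so that it cannot be rewritten along with the binaries it describes.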
