Dirty COW (CVE-2016-5195)

What is Dirty COW?

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
In simple terms, it is a privilege escalation vulnerability in the Linux kernel.
The bug has existed since around 2.6.22 (released in 2007) and was only fixed on Oct 18, 2016.

Impacts of Dirty COW

This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

Dirty COW attacks are hard to detect: because of the attack's complexity, legitimate use cannot easily be told apart from an attack.
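
Because the impact described above is modification of files the user has no permission to write, one defensive check is to baseline privileged files by content hash and compare later. The following is an added example, not code from the original page or from the Dirty COW project; the function names and the watch list (setuid-root binaries under /usr plus /etc/passwd) are assumptions.

```python
import hashlib
import os
import stat

def fingerprint(path):
    """Return (sha256 hex digest, mtime_ns) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest(), os.stat(path).st_mtime_ns

def setuid_root_files(root):
    """Yield regular files under root that are setuid and owned by uid 0."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished during the walk
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID and st.st_uid == 0:
                yield path

def snapshot(paths):
    """Map each readable path to its fingerprint; skip unreadable files."""
    snap = {}
    for path in paths:
        try:
            snap[path] = fingerprint(path)
        except OSError:
            continue
    return snap

def compare(baseline, current):
    """Return (path, verdict) for every baselined file that is gone or altered."""
    findings = []
    for path, (old_hash, old_mtime) in sorted(baseline.items()):
        if path not in current:
            findings.append((path, "missing"))
        elif current[path][0] != old_hash:
            # A normal write updates mtime, so new content under an old mtime stands out.
            same = current[path][1] == old_mtime
            findings.append((path, "content-changed-mtime-same" if same else "content-changed"))
    return findings

if __name__ == "__main__":
    # Assumed watch list: setuid-root binaries under /usr plus /etc/passwd.
    watch = list(setuid_root_files("/usr")) + ["/etc/passwd"]
    print(len(snapshot(watch)), "files fingerprinted")
```

Store the baseline somewhere the monitored host cannot write to, and refresh it after every package update so that legitimate changes do not drown out real findings.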

For more information, visit https://dirtycow.ninja/ and https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails


Exploits: https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs