Dirty COW
Dirty COW (Dirty copy-on-write) is a computer security vulnerability for the Linux kernel that affects all Linux-based operating systems including Android. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism.[1][2] The bug has been lurking in the Linux kernel since version 2.6.22 (released in September 2007), and has been actively exploited at least since October 2016.[2] The bug has been patched in Linux kernel versions 4.8.3, 4.7.9, 4.4.26 and newer.
Although it is a local privilege escalation bug, remote attackers can use it in conjunction with other exploits that allow remote execution of non-privileged code to achieve remote root access on a computer.[1] The attack itself does not leave traces in the system log.[2]
It has the CVE designation CVE-2016-5195.[3] The Debian operating system distribution has announced that it has released a patch for the vulnerability.[4] Dirty Cow was one of the first security issues transparently fixed in Ubuntu by the Canonical Live Patch service.[5]
It has been demonstrated that the bug can be utilized to root any Android device up to Android version 7.[6]
References
- 1 2 Goodin, Dan (2016-10-20). ""Most serious" Linux privilege-escalation bug ever is under active exploit (updated)". Ars Technica. Retrieved 2016-10-21.
- 1 2 3 Vaughan-Nichols, Steven J. "The Dirty Cow Linux bug: A silly name for a serious problem". ZDNet. Retrieved 2016-10-21.
- ↑ "Kernel Local Privilege Escalation - CVE-2016-5195 - Red Hat Customer Portal". access.redhat.com. Retrieved 2016-10-21.
- ↑ "CVE-2016-5195". security-tracker.debian.org. Retrieved 2016-10-21.
- ↑ "LSN-0012-1 Linux kernel vulnerability". Ubuntu Security mailing list. October 20, 2016.
- ↑ "Android phones rooted by "most serious" Linux escalation bug ever". Ars Technica. October 24, 2016.
External links
- https://dirtycow.ninja/
- https://access.redhat.com/security/cve/cve-2016-5195
- https://blogs.oracle.com/ksplice/entry/cve_2016_5195_dirty_cow
- https://www.suse.com/support/kb/doc?id=7018178