Linux has a new animal to deal with now, and it’s not nearly as cute as its mascot, Tux the penguin.
To Linux, the words “Dirty Cow” mean more than a dusty bovine. It’s the name of its latest issue. It turns out any outdated operating system may be compromised in just seconds.
An error was found in the way the kernel’s memory subsystem handled copy-on-write (COW) breakage of read-only mappings. The bug, tracked as CVE-2016-5195, is classified as a privilege-escalation vulnerability. Privilege escalation, in layman’s terms, occurs when a user acquires the system rights/privileges of another user without authorization.
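The copy-on-write behaviour referred to above, shown as an added example (not code from the original article or from the kernel project): a write to a private mapping of a file is supposed to land in the process's own copy of the page and leave the file itself untouched. The temporary file path, the sample content and the function name are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for a file the user may only read. */
static const char ORIGINAL[] = "owner-only content\n";

/* Returns 1 if a write to a private mapping stayed in the process's own copy
 * (mapping changed, file unchanged), 0 if the file changed, -1 on error. */
int cow_keeps_file_intact(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* hypothetical scratch file */
    char disk[sizeof ORIGINAL] = {0};
    size_t len = sizeof ORIGINAL - 1;
    int result = -1;

    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    if (write(wfd, ORIGINAL, len) != (ssize_t)len) { close(wfd); unlink(path); return -1; }
    close(wfd);

    /* Reopen read-only: this descriptor cannot be used to modify the file. */
    int fd = open(path, O_RDONLY);
    if (fd < 0) { unlink(path); return -1; }

    /* MAP_PRIVATE: the first write makes the kernel copy the page for this process. */
    char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map != MAP_FAILED) {
        map[0] = 'X';                        /* write goes to the private copy */
        if (pread(fd, disk, len, 0) == (ssize_t)len)
            result = (map[0] == 'X' && memcmp(disk, ORIGINAL, len) == 0);
        munmap(map, len);
    }
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int r = cow_keeps_file_intact();
    printf("file intact after private write: %s\n", r == 1 ? "yes" : r == 0 ? "NO" : "error");
    return r == 1 ? 0 : 1;
}
```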
Linux developer Phil Oester discovered the vulnerability. After 9 hours, Ars Technica published an article about the bug. Oester replied with the following email:
Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.
The vulnerability is most easily exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.
The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web-facing server is vulnerable.
For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.
Linux operating systems don’t follow the Windows user account policy. Instead of administrator accounts/limited accounts, there is a root user, pseudo users, and normal users. A root account is the default account that comes with a newly installed Linux operating system and has access to every single command and file in the Linux file system. A pseudo user has the ability to execute programs with the privileges of other users, most commonly root. A normal user has access to whatever commands/files in the file system they are granted.
The most disappointing part about the entire incident is that the average lifetime of a Linux bug is about 5 years. With only a handful of contributors to the open-source project that is Linux, patching bugs continuously proves to be quite the challenge.
The safest thing for users to do? Assume that they’re vulnerable and patch the system as quickly as possible. Linux has already worked on patches for the issue.