A vulnerability affecting Linux has recently been discovered in the core “Copy-On-Write” memory management code. The flaw has gone undetected since 2007 but may already have been known to some attackers.
The flaw within the memory management code is caused by a race condition between a temporary file being created and then being written to. Exploitation allows “privilege escalation,” which means an attacker can promote themselves from a restricted user account and gain full root access to the system.
One of the most concerning aspects of the vulnerability is how reliable and simple it is to exploit. There are now many publicly available exploits, including those built into open source exploitation frameworks like Metasploit.
Is my organization vulnerable?
Dirty COW (CVE-2016-5195) can be exploited by someone who already has limited access to a system, for example through a shared service or previously compromised web application. Dirty COW is unlikely to be a vulnerability that an attacker would use to get into a system, but instead one they could leverage to gain significantly more access than they previously had.
Affected kernels are Linux versions between 2.6.22 and either 4.8.3, 4.7.9, or 4.4.26, depending on which version is in use.
Operating systems confirmed to be affected:
SureCloud Platform scanning
Detection for the Dirty COW vulnerability has already been included within our scanning engines and will be automatically checked in any authenticated scans against Linux systems.
Patches are available from the relevant vendors; installing updates from the standard built-in repositories should automatically fix the vulnerability. It is important to note that a reboot will typically be required after installing a kernel upgrade before the vulnerability is mitigated.
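The version ranges and the reboot requirement above can be checked on a host with a short POSIX shell script. This is an added example, not part of the original advisory or of SureCloud's scanner: it classifies a kernel release against the fix releases listed on this page, treating 4.8.3, 4.7.9 and 4.4.26 as the first fixed release of their series, and reports a newer installed kernel that has not been booted yet. The status labels, the `/boot/vmlinuz-<release>` layout and the `check-vendor` result for distribution kernels (vendors backport fixes without changing the upstream version number) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the advisory. Fix releases are the ones the advisory
# lists; the status labels and the /boot layout are assumptions of this sketch.

# kver_num RELEASE: 4.4.25 -> 4004025 (a distro suffix such as -45-generic is ignored)
kver_num() (
    base=${1%%-*}
    IFS=.; set -- $base
    minor=${2:-0}; minor=${minor%%[!0-9]*}
    patch=${3:-0}; patch=${patch%%[!0-9]*}
    echo $(( $1 * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
)

# dirtycow_status RELEASE: prints not-affected | fixed | vulnerable | check-vendor
dirtycow_status() (
    v=$(kver_num "$1")
    [ "$v" -lt 2006022 ] && { echo not-affected; exit; }  # older than 2.6.22
    [ "$v" -ge 4009000 ] && { echo fixed; exit; }         # newer than the 4.8 series
    case $(( v / 1000 )) in                 # major*1000 + minor = stable series
        4008) fix=4008003 ;;
        4007) fix=4007009 ;;
        4004) fix=4004026 ;;
        *) echo check-vendor; exit ;;       # series with no fix release in the advisory
    esac
    [ "$v" -ge "$fix" ] && { echo fixed; exit; }
    case $1 in
        *-[0-9]*) echo check-vendor ;;      # distro build: the fix may be backported
        *) echo vulnerable ;;
    esac
)

# newest_installed [DIR]: highest release among DIR/vmlinuz-* (needs sort -V)
newest_installed() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$f" ] && echo "${f##*/vmlinuz-}"
    done | sort -V | tail -n 1
}

# Report on this host: the running kernel, and a newer installed one if present.
running=$(uname -r)
newest=$(newest_installed)
echo "running   $running: $(dirtycow_status "$running")"
if [ -n "$newest" ] && [ "$newest" != "$running" ]; then
    echo "installed $newest: $(dirtycow_status "$newest") (takes effect after reboot)"
fi
```

A `check-vendor` result means the version number alone cannot decide; compare the installed kernel package against the distribution's advisory for CVE-2016-5195.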
Get in touch
For further information, please contact our security experts. If you are a client, please raise a ticket within the SureCloud Platform or email our support team.