An ancient Linux vulnerability has suddenly reared its head again. First spotted around 11 years ago, the vulnerability can be used to escalate a user’s privileges.
If you’re familiar with Android, this vulnerability can give any user ‘root’ access to a Linux-based system, including web servers. Linus Torvalds, the creator of Linux, tried to patch the bug out many years ago, but his fixes were apparently patched out in subsequent updates.
Dubbed Dirty COW (Copy On Write), the bug is classified as a “race condition” vulnerability. Since the bug is present in the Linux kernel, it’s present in almost every version of Linux that’s out there, meaning that your current Linux installation is very likely to be vulnerable.
Phil Oester is a Linux security researcher who stumbled onto the attack when analysing a server that was hacked. The Dirtycow.ninja advisory explains that antivirus programs using certain techniques can detect the attack, but given the attack’s complexity, this isn’t easy.
In an email to ArsTechnica, Oester wrote, “Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.”
As Torvalds explains, the bug was “purely theoretical” and could not be easily triggered. However, recent advancements in VM (Virtual Machine) technologies have apparently gone a long way in enabling this attack today.
It’s clear now that the vulnerability poses a serious threat to a Linux environment and everything that’s based on the Linux is vulnerable (that’s most of the internet today).
The guys who officially maintain the Linux code have issued patches that address the issue, so please update your systems soon.