Antique Kernel Flaw Opens Door to New Dirty Cow Exploit

 


A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild.

Users need to take steps to patch their systems to prevent the exploit, known as “Dirty Cow,” from granting access to unprivileged attackers.

“This flaw has actually been in the kernel for a better part of a decade — what’s changed isn’t the vulnerability itself, but rather the manner in which it’s being exploited,” said Josh Bressers, a security strategist at Red Hat.

“As attack methods have become more sophisticated, hardware has become faster, and the kernel [has become] more predictable, a bug that was once thought to be impossible to exploit is now possible to exploit,” he told LinuxInsider.

Out of the Shadows

Linux security researcher Phil Oester rediscovered the flaw while examining a server that appeared to have been under attack, he told V3.

A “race condition” was found in the way the Linux kernel’s memory subsystem handled copy-on-write breakage of private read-only memory mappings, Red Hat explained in last week’s security update.

Unprivileged local users could use the flaw to access otherwise read-only memory mappings and increase their privileges on the system, the update states. The issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x.

Shipping versions of Fedora are also affected, and Fedora is aware of the flaw, the warning notes.


Author: WITS Curators

Bo Washington is a Certified Computer Specialist and the owner and operator of Washington IT Solutions, a local Bartlesville computer repair company. He has been fixing computers since the late '90s and has clocked up thousands of hours performing hardware upgrades, system builds, software installations, virus and spyware removal using the most up-to-date techniques, and general computer services.
