A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild.
Users need to take steps to patch their systems to prevent the exploit, known as “Dirty Cow,” from granting access to unprivileged attackers.
“This flaw has actually been in the kernel for a better part of a decade — what’s changed isn’t the vulnerability itself, but rather the manner in which it’s being exploited,” said Josh Bressers, a security strategist at Red Hat.
“As attack methods have become more sophisticated, hardware has become faster, and the kernel [has become] more predictable, a bug that was once thought to be impossible to exploit is now possible to exploit,” he told LinuxInsider.
Out of the Shadows
Linux security researcher Phil Oester rediscovered the flaw while examining a server that appeared to have been under attack, he told V3.
A “race condition” was found in the way the Linux kernel’s memory subsystem handled copy-on-write breakage of private read-only memory mappings, Red Hat explained in last week’s security update.
Unprivileged local users could use the flaw to access otherwise read-only memory mappings and increase their privileges on the system, the update states. The issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7 and MRG 2.x.
Shipping versions of Fedora are also affected, and Fedora is aware of the flaw, the warning notes.