What is the ‘Dirty COW’ Linux vulnerability, and will it impact you? Black Duck’s open source software cybersecurity team explains below.
According to Tim Mackey of Black Duck Software, which helps firms locate, manage and secure their open source software, Dirty COW is a marketing name given to CVE-2016-5195. It describes a bug that allows a malicious actor to increase their level of privilege in a Linux environment up to and including ‘root’. The bug itself is an exploitable race condition. A race condition occurs when two different threads of execution are able to modify the state of the program or system based solely on timing. Tim Mackey of Black Duck Software commented below.
Tim Mackey, Senior Technical Evangelist at Black Duck Software:
“The core issue in CVE-2016-5195 has been present in all Linux kernels since version 2.6.22 released in 2007. The latest long term supported kernel version is 4.4.26. There are known in-the-wild exploits for CVE-2016-5195. Phil Oester, the security researcher who identified the vulnerability, first identified the issue through forensic log analysis of web server traffic. This implies exploit code is or will soon be part of malicious toolkits.
Mitigation
Mitigation of this issue is best accomplished via kernel update. The known exploit has been reported as non-viable for certain Linux distributions, but users of those distributions should minimize any patching delay to reduce the risk of exploit. Due to the nature of race conditions, the potential exists for other viable trigger models than those currently identified.
Does this impact me?
Most users of desktop or server Linux devices are aware of the fact they have a Linux environment. For those users, obtaining an update from their Linux distribution is the ideal path to remediation. Linux as a platform has been used as a core operating system for consumer and industrial devices for much of its 25-year history. This continues today, and includes many of the most popular IoT and home automation devices on the market including devices such as internet routers, WiFi-enabled thermostats and internet cameras. Owners of those devices should proactively contact the vendor to verify when an update will be available for their devices.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.