New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distros
Security researcher Max Kellermann recently disclosed a security flaw called 'Dirty Pipe'. It affects Linux kernel 5.8 and above, and even Android devices.
"Dirty Pipe" is tracked as CVE-2022-0847. When it is exploited successfully, an unprivileged local user can insert and overwrite data in read-only files, including SUID processes running as root.
Kellermann discovered this vulnerability after tracking a bug that was corrupting the web server access logs of one of his customers.
Kellermann said "Dirty Pipe" is similar to the Dirty COW vulnerability (CVE-2016-5195) that was patched in 2016.
Method for gaining root access has been shared publicly
As part of his disclosure, Kellermann also published how to exploit the vulnerability. With it, local users can write their own data into sensitive read-only files, removing restrictions or modifying configurations to gain greater access than they would normally have.
For example, security researcher Phith0n used this vulnerability to modify the /etc/passwd file so that the root account no longer had a password. Once that change is made, an unprivileged user only needs to run the command "su root" to get access to the root account.
Several other exploits were also made public soon after.
What do users need to do?
Before going public with "Dirty Pipe", Kellermann reported it to the organizations responsible for maintaining Linux distros, including the Linux kernel security group and the Android Security Team.
The vulnerability has been fixed in Linux kernels 5.16.11, 5.15.25 and 5.10.102, but many servers are still running unpatched kernels. The public availability of exploits will therefore cause many problems for server administrators.
Moreover, because exploitation is so easy and leads so directly to root access, it is only a matter of time before hackers abuse this vulnerability in cyber attacks. The earlier Dirty COW vulnerability, although more difficult to exploit, was still abused by hackers.
Web hosting providers that offer Linux shell access, and universities that typically provide shell access to multi-user Linux systems, will have to pay special attention to the Dirty Pipe vulnerability.
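The affected range (5.8 and above) and the fixed releases (5.16.11, 5.15.25, 5.10.102) given above can be turned into a quick triage check for a fleet of servers. The script below is an added example, not part of the original article; the function name and status words are made up for illustration. It assumes that kernels newer than the 5.16 branch already contain the fix and that the version string is decisive, which distribution kernels with backported patches can contradict.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the Dirty Pipe
# (CVE-2022-0847) versions named in the article.
# Prints one of: not-affected | patched | needs-patch | unknown
# Caveat: vendor kernels may carry a backported fix under an older version
# number, so "needs-patch" means "confirm with the distro advisory".
dirtypipe_status() {
    rel=${1%%[!0-9.]*}          # "5.15.0-91-generic" -> "5.15.0"
    IFS=. read -r major minor patch _ <<EOF
$rel
EOF
    case "$major" in '') echo unknown; return 0 ;; esac
    minor=${minor:-0}
    patch=${patch:-0}

    # Older than 5.8: outside the affected range given in the article.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Newer than the 5.16 branch: assumed to include the fix (assumption).
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo patched; return 0
    fi
    # Branches for which the article lists a fixed point release.
    case "$minor" in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo needs-patch; return 0 ;;  # 5.8, 5.9, 5.11-5.14: none listed
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo needs-patch
    fi
}

# Report for the kernel this script is running on.
echo "$(uname -r): $(dirtypipe_status "$(uname -r)")"
```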