What is Dirty COW?
It’s the name given to a newly discovered vulnerability in virtually all versions of the Linux operating system. More accurately it should be referred to as CVE-2016-5195 – but where is the fun in that?
But why Dirty COW?
According to the researchers who found the flaw, and created a website to share information about it:
“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
Essentially it means that – if the vulnerability is left unpatched – if a local user can read a file, they can also write to it. Ouch!
So this is a privilege escalation vulnerability, rather than a potentially more dangerous code execution vulnerability?
Right. But don’t let that thought lure you into resting on your laurels, as researchers claim they have found an in-the-wild exploit using the vulnerability.
Okay. Is this a new vulnerability?
Umm.. unfortunately not. Although it has only recently been uncovered, it appears that the flaw has been present in the Linux kernel for going on nine years.
Sheesh.. isn’t the whole point of open source software that it’s available for anyone to review, find bugs, etc…? How come this wasn’t spotted and fixed earlier?
Just earlier this week, research was published claiming that Linux bugs have a typical lifetime of approximately five years.
I run Red Hat / Debian / Ubuntu. Where can I find out more about what I should be doing.
Be sure to check out the official Dirty COW website (yes, they have a website as well as a Twitter account, and the now obligatory vulnerability logo) at http://dirtycow.ninja/
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.