Once again, a serious vulnerability has been found in the kernel of the OS which most server and smartphones on the planet run on – Linux. Not only that, there are actual indications that the Dirty Cow vulnerability is being actively exploited in the wild.
So, here’s everything you need to know about the new nasty bug on the scene.
What’s the Story with This Dirty Cow?
Dirty Cow started its life in a 2007 release of the Linux kernel. Linus Torvalds was actually aware of the bug, and although he thought it trivial, he chose to fix it anyway as a precaution. However, the bug reared its ugly little head again when another developer unwittingly unraveled Torvald’s fix in order to patch a separate problem.
Fast forward to Oct 20th, and Phil Oester (the researcher who found the vulnerability) reports that the Dirty Cow vulnerability has been alive and kicking for the past 9 years.
That’s a big question.
Dirty Cow affects nearly every single Android and Linux distribution out there.
Basically, any Linux system with a web facing server is affected, making Dirty Cow one of the most serious bugs ever found in Linux.
What is it?
Dirty Cow is a “privilege escalation” vulnerability which allows attackers to circumvent the mechanisms for permission management in the kernel and edit files that are normally restricted, including operating system components. Therefore, it can be used to grant root access to a malicious application or user, all without leaving any trace of the breach.What’s also worrying, Oester reported that the bug is trivial to exploit and never fails.
A further piece of bad news is that it’s all but impossible for antivirus and security software to detect Dirty Cow. Yet antivirus signatures that detect the bug are possible. The key would be detecting the attack by comparing the size of the malicious binary against the size of the original binary.
On a positive note, Dirty Cow isn’t as severe as other high profile vulnerabilities (Heartbleed, Glibc), as hackers need to exploit a separate security issue to penetrate their target before they can execute Dirty Cow and gain root access. And even then, they’re limited to the specific container or VM where they executed the malicious code.
Dirty Cow has been allocated CVE-2016-5195.
However, as the CVE is still reserved, as per normal reporting procedures, information is pretty few and far between.
What to Do Now
Furthermore, now a patch has been pushed for the Linux kernel, an Android patch should be in the works. However, the soonest it will be released is in November’s patch batch, which is considered by many to be too long as the bug is being actively exploited.
Yet, later is better than never. While newer Android devices will be patched, older devices may miss out due to limitations placed by carriers and manufacturers.
Keeping Ahead of the Curve
Whether you are or aren’t affected, this a good opportunity for all Linux users to upgrade their security strength by updating their software.
Here at WhiteSource, we continuously monitor and track the NVD, security advisories and open source projects’ bug trackers to ensure our market leading Vulnerability Database is always up to date.
Furthermore, the minute a vulnerable component is added to our customers’ repository/build, or a vulnerability is detected for a used component, we provide real-time remediation steps such as links to patches, fixes and recommendations to change system configuration. After all, it’s essential to be first in line when it comes to open source security.