New Linux bug gives root on all major distros, exploit released

by | Mar 8, 2022 | News

dirty pipe vulnerability Linux root privileges

Post Views: 6,904

Patreon

Reading Time: 2 Minutes

A new Linux vulnerability known as ‘Dirty Pipe’ allows local users to gain root privileges through publicly available exploits.

 

Today, security researcher Max Kellermann responsibly disclosed the ‘Dirty Pipe’ vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.

The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.

Kellerman discovered the bug after tracking down a bug that was corrupting web server access logs for one of his customers.

Kellerman states that the vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016.

See Also: Complete Offensive Security and Ethical Hacking Course

 

 

Public exploits give root privileges 

As part of the Dirty Pipe disclosure, Kellerman released a proof-of-concept (PoC) exploit that allows local users to inject their own data into sensitive read-only files, removing restrictions or modifying configurations to provide greater access than they usually would have.

For example, security researcher Phith0n illustrated how they could use the exploit to modify the /etc/passwd file so that the root user does not have a password. Once this change is made, the non-privileged user could simply execute the ‘su root‘ command to gain access to the root account.

 

 

However, an updated exploit by security researcher BLASTY was also publicly released today that makes it even easier to gain root privileges by patching the /usr/bin/su command to drop a root shell at /tmp/sh and then executing the script.

Once executed, the user gains root privileges, as demonstrated by BleepingComputer below in Ubuntu 20.04.3 LTS running the 5.13.0-27-generic kernel.

 

Demonstration of the CVE-2016-5195 DirtyPipe vulnerability
Demonstration of the CVE-2016-5195 Dirty Pipe vulnerability
Source: BleepingComputer

 

 
 
 
 

 

 

The vulnerability was responsibly disclosed to various Linux maintainers starting on February 20th, 2022, including the Linux kernel security team and the Android Security Team.

While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to run outdated kernels making the release of this exploit a significant issue to server administrators.

Furthermore, due to the ease of gaining root privileges using these exploits, it is only a matter of time before threat actors begin using the vulnerability when conducting attacks. The similar Dirty COW vulnerability was previously used by malware, even though it was harder to exploit.

This bug is especially concerning for web hosting providers who offer Linux shell access or universities that commonly provide shell access to multi-user Linux systems.

It has been a rough twelve months for Linux, with numerous high-profile privilege elevation vulnerabilities disclosed.

These include privilege elevation vulnerabilities in the Linux iSCSI subsystem, another kernel bug, the Extended Berkeley Packet Filter (eBPF), and Polkit’s pkexec component.

 

 

See Also: Offensive Security Tool: Scapy

 

 

 

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

 

 

 

See Also: Hacking stories: MafiaBoy, the hacker who took down the Internet

 

Source: bleepingcomputer.com

Source Link

 

 

 

 

merch

Share This