
Dirty COW: a dangerous 0-day vulnerability found in the Linux kernel (CVE-2016-5195)



A dangerous vulnerability has been discovered in the Linux kernel, in the memory subsystem's handling of copy-on-write (COW). The bug can be exploited to trigger a race condition, after which an unprivileged local user is able to write to memory mappings that should be read-only. It is a local privilege escalation vulnerability.

The bug is in the Linux kernel itself and, notably, has been present in every distribution for almost ten years: it dates back to kernel 2.6.22.
“As Linus Torvalds noted in his commit, this ancient bug has been living in the kernel for many years. All Linux users should take the problem seriously and install the patch as quickly as possible.”

The vulnerability has been assigned CVE-2016-5195. Most modern Linux distributions are affected, and the researcher who discovered it, Phil Oester, states that it is already being exploited by attackers in the wild.

On Thursday, October 20, Greg Kroah-Hartman, one of the key Linux kernel developers, announced the release of updates for Linux 4.8, 4.7 and 4.4 LTS that fix the Dirty COW vulnerability.
The vulnerability is caused by a race condition in the copy-on-write (COW) handling of the memory management subsystem and lets a process break the protection of a read-only memory mapping. The proof-of-concept exploit maps a root-owned, read-only file as a private mapping and races a write through /proc/self/mem (which is allowed to write to a read-only mapping and is normally satisfied by giving the process a private copy of the page) against madvise(MADV_DONTNEED) on the same page; when the race is won, the write lands on the file's page-cache page instead of the private copy, and the file itself is modified. In practice this means an unprivileged attacker can change the contents of a file owned by root and readable only, including executable system files, bypassing the normal access-control mechanisms.

    $ sudo -s
    # echo this is not a test > foo
    # chmod 0404 foo
    $ ls -lah foo
    -r-----r-- 1 root root 19 Oct 20 15:23 foo
    $ cat foo
    this is not a test
    $ gcc -lpthread dirtyc0w.c -o dirtyc0w
    $ ./dirtyc0w foo m00000000000000000
    mmap 56123000
    madvise 0
    procselfmem 1800000000
    $ cat foo
    m00000000000000000
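The following C program is an added example, not code from the article or from the dirtyc0w proof-of-concept. It performs the two steps the PoC is built on, a private read-only mapping of a file and a write into it through /proc/self/mem, but without the racing madvise(MADV_DONTNEED) thread, so on a patched kernel it shows the behaviour copy-on-write is supposed to guarantee: the write becomes visible through the process's own mapping, while the file on disk keeps its original content. If the file changed, the write reached the page cache, which is exactly Dirty COW's effect. The temporary file path, the struct and the function names are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* What a write through /proc/self/mem into a private, read-only mapping
 * left behind: the process's view of the mapping versus the file on disk. */
struct cow_probe {
    int  mem_write_ok;       /* 1 if the pwrite() into /proc/self/mem succeeded */
    char mapping_after[64];  /* bytes now visible through the mapping */
    char file_after[64];     /* bytes actually stored in the file */
};

/* Create a read-only file holding `original` (a temporary file created here,
 * an assumption of the example), map it MAP_PRIVATE/PROT_READ, write `patch`
 * over the start of the mapping via /proc/self/mem, then record what the
 * mapping and the file contain. Returns 0 on success, -1 on a setup error. */
int cow_probe_run(const char *original, const char *patch, struct cow_probe *out)
{
    size_t len = strlen(original);
    size_t plen = strlen(patch);
    if (len == 0 || len >= sizeof out->file_after)
        return -1;
    if (plen > len)              /* never write past the mapped bytes */
        plen = len;
    memset(out, 0, sizeof *out);

    char path[] = "/tmp/cowprobe.XXXXXX";
    int wfd = mkstemp(path);
    if (wfd < 0) { strcpy(path, "./cowprobe.XXXXXX"); wfd = mkstemp(path); }
    if (wfd < 0) return -1;
    int ok = write(wfd, original, len) == (ssize_t)len && fchmod(wfd, 0444) == 0;
    close(wfd);
    if (!ok) { unlink(path); return -1; }

    /* Re-open read-only: the mapping comes from a descriptor that could
     * never be used to write the file directly, as in the PoC's scenario. */
    int fd = open(path, O_RDONLY);
    if (fd < 0) { unlink(path); return -1; }
    char *map = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); unlink(path); return -1; }

    /* /proc/self/mem bypasses the PROT_READ protection (ptrace semantics), so
     * the kernel has to satisfy the write by giving this process its own copy
     * of the page: that is the copy-on-write step the race condition subverts. */
    int memfd = open("/proc/self/mem", O_RDWR);
    if (memfd >= 0) {
        ssize_t n = pwrite(memfd, patch, plen, (off_t)(uintptr_t)map);
        out->mem_write_ok = (n == (ssize_t)plen);
        close(memfd);
    }

    memcpy(out->mapping_after, map, len);            /* the private copy */
    ssize_t r = pread(fd, out->file_after, len, 0);  /* what is really on disk */
    munmap(map, len);
    close(fd);
    unlink(path);
    return r == (ssize_t)len ? 0 : -1;
}

/* 1 if the file still holds `original`, i.e. COW protected it. A 0 here while
 * mem_write_ok is 1 means the write reached the file's page cache. */
int cow_probe_file_intact(const struct cow_probe *p, const char *original)
{
    return strcmp(p->file_after, original) == 0;
}

int main(void)
{
    struct cow_probe p;
    const char *original = "this is not a test";   /* same content as the PoC demo */
    if (cow_probe_run(original, "m00000000000000000", &p) != 0) {
        perror("cow_probe_run");
        return 1;
    }
    printf("mem write  : %s\n", p.mem_write_ok ? "succeeded" : "failed");
    printf("mapping    : %s\n", p.mapping_after);
    printf("file       : %s\n", p.file_after);
    printf("file intact: %s\n", cow_probe_file_intact(&p, original) ? "yes" : "NO");
    return 0;
}
```

On a patched kernel the mapping shows the patched bytes and the file is intact. This is deliberately not a vulnerability test: without the concurrent madvise(MADV_DONTNEED) loop the race never occurs, so the program only illustrates the primitive the exploit abuses; to find out whether a system is patched, check the distribution's advisory for CVE-2016-5195 against the installed kernel package.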

A proof-of-concept exploit is available for checking whether a system is vulnerable.

UPD: as requested in the comments: update instructions.

Source: https://habr.com/ru/post/313276/
