Most of us thought 2015 was the year of the data breach, but then 2016 happened. 2017 has a job to do if it wants to continue the trend
'Dirty COW' Linux kernel security vulnerability being exploited in the wild, warns Red Hat
In October a Linux kernel security flaw - dubbed ‘Dirty COW' - was found being exploited ‘in the wild', as open source software vendor Red Hat warned, with users urged at the time to update their systems as soon as possible.
The flaw and its exploitation was uncovered by Linux security researcher Phil Oester, who claimed that the exploit is easy to execute and will almost certainly become more widely used. A patch was soon rushed out.
"The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.
"As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP."
Oester said that he uncovered the exploit for the bug, which has been around since 2007, while examining a server that appeared to have been attacked.
"One of the sites I manage was compromised, and an exploit of this issue was uploaded and executed. A few years ago I started packet capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox," he said.
"These rolling packet captures have proved invaluable numerous times. I would recommend this extra security measure to all admins."
The Dirty COW moniker was applied as a descriptive of the security flaw: "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.
"An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system," Red Hat warned.
