Thursday, November 10, 2016

Dirty Cow

Hey all,
Two years ago I’m sure you’ve all heard about ShellShock – a remote code execution exploit in bash that existed for about 25 years until discovered.

Three weeks ago a new vulnerability, known as Dirty Cow (or CVE-2016-5195 if you insist), was discovered.
This exploit allows local privilege escalation on almost all Linux distributions and kernels as the vulnerable code existed since 2007 (from kernel version 2.6.22 and even 2.6.18 for some distributions).

While this is only a privilege escalation vulnerability, there are already reports of users gaining limited access to servers and using this vulnerability to escalate their privileges.
In fact, the exploit became public as a security researcher observed the exploit in a pcap file.

Organizations are kindly requested to upgrade their kernel version.

BTW,
This exploit can also be used to root your Android device (https://github.com/timwr/CVE-2016-5195)

Stay tuned for more updates.
Dan Gurfinkel
Head of Offensive Security & Response Unit