Linux users are being warned that a dangerous and pervasive security flaw has been discovered inside the kernel that allows an attacker to easily gain full access. Dubbed “Dirty COW”, the exploit has reportedly been around for many years, but is now currently being used in the wild.
Phil Oester is a network admin and security researcher who uncovered the flaw while capturing HTTP traffic on a server that seemed to have been hacked. He explained that this security issue has been around since 2007, and is now likely to become more widespread. Oester said:
The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8. As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.
The flaw, now logged as CVE-2016-5195, has to do with the way the Linux kernel handles “copy-on-write (COW) breakage of private read-only memory mappings”. An attacker exploiting the flaw could elevate his privileges on the system and take control of an affected device.
The flaw has already been patched in the kernel and now organizations are preparing security patches for everyone, so keep your devices up to date.