Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros.
The vulnerability affects Linux Kernel 5.8 and later versions.
The CVE-2022-0847 vulnerability allows overwriting data in arbitrary read-only files, which could lead to privilege escalation because unprivileged processes can inject code into root processes.
Kellerman explained that the flaw is similar to CVE-2016-5195, aka Dirty Cow, and is more dangerous because it is easier to exploit.
In a blog post, the researcher explained that he discovered the flaw while investigating corrupt access log files for one of its customers.
Kellerman published technical details about the Dirty Pipe flaw along with a proof-of-concept (PoC) exploit that allows local users to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on a read-only mount.
BleepingComputer reported a tweet published by the security researcher Phith0n who explained that it is possible to use the exploit to modify the /etc/passwd file to set the root user without a password. Using this trick a non-privileged user could execute the command ‘su root’ to gain access to the root account.
The researcher Phith0n also published an updated version of the exploit that allows gaining root privileges by overwriting a SUID program like ./exp /usr/bin/su to drop a root shell at /tmp/sh and then executing the script.
Below is the timeline for this vulnerability:
Servers running outdated kernel versions are exposed to attacks exploiting this flaw.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Linux)
[adrotate banner=”5″]
[adrotate banner=”13″]
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
This website uses cookies.