A dangerous bug has been found in the Linux operating system. This vulnerability is a Linux kernel security flaw that allows privilege escalation – a user can gain root privileges in less than 5 seconds. Scary, isn’t it! Cyber security experts have named it the “Dirty COW” bug. Phil Oester, a Linux developer, discovered and reported the Dirty COW bug.
The Red Hat site describes the bug as:
“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
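What the copy-on-write guarantee in the Red Hat description looks like when it works as intended, shown as an added example (not code from Red Hat or the kernel): a file opened read-only is mapped and written through the mapping, and the file on disk must stay unchanged. The function name, temporary file name and file contents are constructed for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static const char ORIGINAL[] = "read-only data";  /* constructed sample content */
#define LEN (sizeof ORIGINAL)

/* Create a temp file holding ORIGINAL and reopen it read-only; returns fd or -1. */
static int open_readonly_sample(char *path)
{
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t n = write(fd, ORIGINAL, LEN);
    close(fd);
    return n == (ssize_t)LEN ? open(path, O_RDONLY) : -1;
}

/* Map the read-only file with `flags` and write one byte through the mapping.
   Returns 1 if the file on disk is unchanged afterwards, 0 if the write
   reached the file, -1 if the mapping could not be set up (errno is set). */
int write_through_mapping(int flags)
{
    char path[] = "/tmp/cow_demo_XXXXXX", on_disk[LEN] = {0};
    int result = -1, saved = 0, fd = open_readonly_sample(path);
    if (fd >= 0) {
        char *map = mmap(NULL, LEN, PROT_READ | PROT_WRITE, flags, fd, 0);
        if (map == MAP_FAILED) {
            saved = errno;          /* EACCES for MAP_SHARED on an O_RDONLY fd */
        } else {
            map[0] = 'X';           /* write fault: the kernel copies the page */
            if (pread(fd, on_disk, LEN, 0) == (ssize_t)LEN)
                result = memcmp(on_disk, ORIGINAL, LEN) == 0 && map[0] == 'X';
            munmap(map, LEN);
        }
        close(fd);
    }
    unlink(path);
    errno = saved;
    return result;
}

int main(void)
{
    return write_through_mapping(MAP_PRIVATE) == 1 ? 0 : 1;
}
```

With `MAP_PRIVATE` the write lands in the process's own copy of the page; with `MAP_SHARED` the kernel refuses the writable mapping outright because the file descriptor is read-only.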
The finding revealed that the Dirty COW vulnerability had been exploited for more than 9 years. Linus Torvalds has stated that he knew about this vulnerability 11 years back, but did not fix it as it was considered to be very difficult to exploit. Now, however, it has been found that it was being exploited in the wild.
Privilege escalation is scary, as malware that gains root access would gain complete control of the device within 5 seconds. Any user with limited access privileges would gain root (administrative) privileges too. This would allow them to encrypt data, take over the network and install other malware. “Copy on write (COW)” is a duplication technique. The Dirty COW vulnerability allows a local, underprivileged user to escalate his/her allowed privileges to root.
What more is needed for malicious intent? For over 9 years this bug has been exploited, while all this time Linux had been considered pretty safe!
Wonder what other vulnerability is still being exploited in Linux.
The Dirty COW vulnerability has been found in a part of the kernel that is present in all distributions of Linux. And as Linux is used in most servers worldwide, this vulnerability could have a massive impact.
Now, patches are being released distro-wise and version-wise for this Linux kernel bug. All Linux users must update their systems immediately with the latest software patches as and when they are released.
How to Stay Protected Against Linux Malware
The Dirty COW vulnerability was not detected by any antivirus program. The only way it could possibly be detected is through the suspicious or malicious activity that it may carry out.
- Get an effective antivirus that features real-time, cloud-based virus scanning, virus removal and warns about malicious activity (behavioural analysis)
- Update the operating system with the latest patches
- Make sure that the operating system is regularly updated with the latest patches.
- Ensure that the antivirus solution is always updated with the latest definitions
- Make use of a patch management system