IMAGINE there was an invisible hole in your wall through which strangers could come and go and gain access to your house and possessions. Imagine further that the hole had been there for nine years and that you found out about it only recently because someone had come upon it quite by accident.
If you use an Android phone or use a Linux computer, chances are you’ve got such a hole in your system.
It’s called “Dirty Cow” because it exploits the copy-on-write mechanism of Linux-based systems, and it’s a bug that’s been sitting there unnoticed for the last nine years.
Officially known as CVE-2016-5195, Dirty Cow is a flaw that allows any local user to gain write access to otherwise read-only memory mappings, giving that user total control of the system. The bug resides in the Linux kernel, the essential part of any Linux distrubition that is responsible for resource allocation, low-level hardware interfaces, security, simple communications, basic file system management and more.
Dirty Cow was uncovered by Philip Oester, a network administrator and security researcher while capturing HTTP traffic on a server that seemed to have been hacked.
The security issue has been around since 2007 and is now likely to become more widespread, Oester said, noting that the vulnerability is consistent, easy to exploit, and exists in practically all Linux distributions on millions of computers that go back many years.
“All Linux users need to take this bug very seriously, and patch their systems ASAP,” he said.
Dirty Cow is a serious flaw because Linux is widely used in webservers and is also at the core of Android, Google’s operating system, which is used in some 87 percent of all smart phones worldwide.
Exploitation of the bug does not leave any trace of anything abnormal happening, says an FAQ on the Dirty Cow bug (https://dirtycow.ninja/).
The good news is, most major Linux distributions including Ubuntu, Red Hat and Debian have already patched the vulnerability. That means that your Linux box should be fine, as long as you’ve applied the latest security updates.
To find out which version of the kernel is running on your Ubuntu system, type the following into a terminal window:
uname -a
If you’re running a version of Linux older than the ones listed here, you need to update your system and reboot your server:
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
To update Ubuntu, type this into the terminal:
sudo apt-get update && sudo apt-get dist-upgrade
Writing in the Security Metrics blog, security analyst Steven Snelgrove notes that the risk that Dirty Cow presents to ordinary users isn’t very high.
“[I]n order to exploit this bug, the attacker must first be able to deliver the code on the system. Before they can even get close to the kernel stack, the attacker has to first gain access to your system. From the outside, normal protections against code execution should prevent exploitation of this vulnerability,” he writes.
“In terms of web services and other network connected devices, delivering the code would be difficult to do. The real risk is when user-level access exists on a device, as well as the ability to execute programs on the device,” he adds.
The Dirty Cow bug seems to hae the greatest potential impact on Android phones.
“The situation is different because these phones have apps running as user-level programs. As a result, a malicious app could exceed their privileges to obtain information off the device,” Snelgrove notes.
Unfortunately, security patches for Android phones are unlikely to come very soon, because security updates are handled by different manufaturers rather than directly by Google, and depending on the vendor, OS updates may come regularly or not at all.
While you’re waiting to get a security patch for your Android phone, follow the commonsense rule that should be your default behavior, anyway—don’t install software from unknown sources. Chin Wong
Column archive and blog at: http://www.chinwong.com
