‘Dirty Cow’ Linux Vulnerability Found After Nine Years

The operating system that lies at the core of most servers on the internet and most smartphones has a critical vulnerability which has existed, unnoticed, for nine years.

Called ?EU?Dirty Cow?EU? (because it exploits a mechanism called copy-on-write), the bug allows an attacker to gain privilege escalation on the Linux kernel.

Linux, a free open-source operating system, is at the heart of a huge number of applications, but its most well-known uses are in webservers (under brand names such as Red Hat, Ubuntu and Debian) and as the core of Android, Google?EU?s operating system for smartphones.

Because it?EU?s open-source, anyone can see, re-use, and suggest edits to the core source code, which is usually thought to increase the security of the operating system: many eyes means a higher chance of someone spotting, and fixing, bugs.

But the Dirty Cow bug -- officially called CVE-2016-5195 -- was originally introduced to the kernel nine years ago, and has been sitting unnoticed for much of that time. In fact, research published this week claimed that the typical Linux bug reaches about five years old before it is fixed.

Dirty Cow is a class of vulnerability known as a ?EU?privilege escalation bug?EU?, which means that it allows an attacker which has already gained some measure of control over a specific computer to leverage that into total control.

According to Phil Oester, the researcher who found the bug, an exploit taking advantage of Dirty Cow has already been found in the wild.

But the research team warn that while Dirty Cow is serious, it shouldn?EU?t distract from the more workaday bugs, which are found regularly. ?EU?All the boring normal bugs are way more important, just because there?EU?s a lot more of them. I don?EU?t think some spectacular security hole should be glorified or cared about as being any more ?EU?special?EU? than a...

Comments are closed.

‘Dirty Cow’ Linux Vulnerability Found After Nine Years

The operating system that lies at the core of most servers on the internet and most smartphones has a critical vulnerability which has existed, unnoticed, for nine years.

Called ?EU?Dirty Cow?EU? (because it exploits a mechanism called copy-on-write), the bug allows an attacker to gain privilege escalation on the Linux kernel.

Linux, a free open-source operating system, is at the heart of a huge number of applications, but its most well-known uses are in webservers (under brand names such as Red Hat, Ubuntu and Debian) and as the core of Android, Google?EU?s operating system for smartphones.

Because it?EU?s open-source, anyone can see, re-use, and suggest edits to the core source code, which is usually thought to increase the security of the operating system: many eyes means a higher chance of someone spotting, and fixing, bugs.

But the Dirty Cow bug -- officially called CVE-2016-5195 -- was originally introduced to the kernel nine years ago, and has been sitting unnoticed for much of that time. In fact, research published this week claimed that the typical Linux bug reaches about five years old before it is fixed.

Dirty Cow is a class of vulnerability known as a ?EU?privilege escalation bug?EU?, which means that it allows an attacker which has already gained some measure of control over a specific computer to leverage that into total control.

According to Phil Oester, the researcher who found the bug, an exploit taking advantage of Dirty Cow has already been found in the wild.

But the research team warn that while Dirty Cow is serious, it shouldn?EU?t distract from the more workaday bugs, which are found regularly. ?EU?All the boring normal bugs are way more important, just because there?EU?s a lot more of them. I don?EU?t think some spectacular security hole should be glorified or cared about as being any more ?EU?special?EU? than a...

Comments are closed.