Corrine, posted October 21, 2016:

A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild.

Dubbed "Dirty COW," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons.

First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade.

And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild.

Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it.

More at Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

securitybreach, posted October 21, 2016:

Yeah, but luckily it was fixed the day it was announced. Most distros should have updated it already, as the patch was released yesterday.

https://www.kernel.org/

Corrine, posted October 22, 2016:

Thanks. I need to pass that along to a friend. Here's the US-CERT Info: https://www.us-cert.gov/ncas/current-activity/2016/10/21/Linux-Kernel-Vulnerability

Robert, posted October 22, 2016:

Does this require physical access to the computer?

securitybreach, posted October 22, 2016:

> Does this require physical access to the computer?

Yes, a local user.

https://www.kb.cert.org/vuls/id/243144

Cluttermagnet, posted October 23, 2016:

What a relief! (the local user part). I think we are safe in all our machines, then. I doubt anyone would find us important enough to sneak into our houses. I must have somewhere between 12-20 machines with Linux Mint on them. Probably use 8-10 of those at least monthly, most of them daily.

BTW Hi, All. Been far too long...

Dr. J, posted October 23, 2016:

According to the Manjaro forums, all supported kernels have already been patched in the Testing branch on that distro, with patches to enter the Stable branch soon.

V.T. Eric Layton, posted October 23, 2016:

All systems are vulnerable when the physical device is exposed to unwanted fingers. I can break into and steal data from any of your Windows or Linux systems with nothing more than a portable USB Linux OS and a bit of space on it to save your data once I access it and steal it. Porteus mounts all partitions on a system as root by default when started from a USB. Your only protection would be if your files were encrypted. Even then, I could still get in and lock them down with my own encryption and then ransom them. Or I could just delete them.

I understand this flaw in the kernel we're talking about here is something that should never have been allowed and overlooked for so long, but I don't think it's anything near as dangerous as most of the FUD going around portends.

Happy computing!

Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that.

crp, posted October 23, 2016:

> All systems are vulnerable when the physical device is exposed to unwanted fingers. I can break into and steal data from any of your Windows or Linux systems with nothing more than a portable USB Linux OS and a bit of space on it to save your data once I access it and steal it. Porteus mounts all partitions on a system as root by default when started from a USB. Your only protection would be if your files were encrypted. Even then, I could still get in and lock them down with my own encryption and then ransom them. Or I could just delete them.
>
> I understand this flaw in the kernel we're talking about here is something that should never have been allowed and overlooked for so long, but I don't think it's anything near as dangerous as most of the FUD going around portends.
>
> Happy computing!
>
> Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that.

Heartily agree and second. I don't consider any security issue that involves physical access as critical. If people who should not already have access to the physical machine that is the critical flaw, anything after that is "closing the barn doors after ..."

However, if the flaw only requires a remote login, then yeah FUD it all out.

ebrke, posted October 23, 2016:

> Happy computing!
>
> Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that.

I'm pretty sure that day has already come for Amazon, Netflix, etc.

V.T. Eric Layton, posted October 24, 2016:

http://tinyurl.com/zkjght4 (Computer World article)

From the article linked above:

"Since this is a local privilege escalation flaw that cannot be directly exploited by remote attackers, it is only rated as high severity and not critical. To take advantage of it attackers need to first obtain limited access to a server in some other way, such as through another vulnerability."