Core-Layer
  • Home
  • Blog
  • LINKS
  • ABOUT
  • Contact

Blog

Dirty Cow / CVE-2016-5195 - Privilege escalation in Linux Kernel since 2007

27/10/2016

0 Comments

 
A pretty big flaw has been release under CVE-2016-5195 that allows a privilege escalation attack in the Linux Kernel that  has been there since 2007. The conditions are almost impossible to reach in normal operations but some programs have been released to force those conditions by using two threads.

To reproduce it:
1. Download the dirtyc0w.c file from https://github.com/dirtycow/dirtycow.github.io
2. Compile it using gcc for example:
​    gcc -pthread dirtyc0w.c -o dirtyc0w
3. Use it  as follow:
    ./dirtyc0w <file_to_modify> <new_file_content>
4. Obviously, thanks to Dirty Cow, the <file_to_modify> can be a file on which the user does not have permission to modify, including  root files !

The flaw works by writing to memory the new content so you cannot write content longer than the original size. If you attempt to write "123456" to a file containing "456", it will write "123".

0 Comments

    Archives

    July 2021
    July 2018
    March 2018
    October 2017
    May 2017
    April 2017
    March 2017
    October 2016
    February 2016
    January 2016

    Categories

    All
    API
    Chrome
    Cisco
    Code Qr
    Covid
    Dev
    Données Personnelles
    Fix
    IIS
    Issue
    Linux
    Microsoft
    Moto
    Network
    News
    Python
    Qr
    Qr Code
    Quebec
    Raspberry Pi
    Roadtrip
    Securité
    Security
    SQL
    Vulnerability
    Windows

    RSS Feed

Proudly powered by Weebly
  • Home
  • Blog
  • LINKS
  • ABOUT
  • Contact