A pretty big flaw has been disclosed as CVE-2016-5195 ("Dirty COW"): a privilege escalation bug in the Linux kernel that has been present since 2007. The conditions needed to trigger it are almost impossible to reach in normal operation, but programs have been released that force those conditions by racing two threads against each other.
To reproduce it:
1. Download the dirtyc0w.c file from https://github.com/dirtycow/dirtycow.github.io
2. Compile it using gcc for example:
gcc -pthread dirtyc0w.c -o dirtyc0w
3. Use it as follows:
./dirtyc0w <file_to_modify> <new_file_content>
4. Obviously, thanks to Dirty Cow, <file_to_modify> can be a file the user does not have permission to modify, including files owned by root!
The flaw works by writing the new content into the memory mapping of the existing file, so you cannot write content longer than the original size. If you attempt to write "123456" to a file containing "456", the file will end up containing "123".