Dirty Cow / CVE-2016-5195 - Privilege escalation in Linux Kernel since 2007

27/10/2016

A pretty big flaw has been release under CVE-2016-5195 that allows a privilege escalation attack in the Linux Kernel that has been there since 2007. The conditions are almost impossible to reach in normal operations but some programs have been released to force those conditions by using two threads.

To reproduce it:
1. Download the dirtyc0w.c file from https://github.com/dirtycow/dirtycow.github.io
2. Compile it using gcc for example:
gcc -pthread dirtyc0w.c -o dirtyc0w
3. Use it as follow:
./dirtyc0w <file_to_modify> <new_file_content>
4. Obviously, thanks to Dirty Cow, the <file_to_modify> can be a file on which the user does not have permission to modify, including root files !

The flaw works by writing to memory the new content so you cannot write content longer than the original size. If you attempt to write "123456" to a file containing "456", it will write "123".

7 Comments

dentista link

12/10/2023 03:41:37

In contrast, dry socket can result in infection and prolonged discomfort, which may affect adjacent teeth and gums. This highlights the importance of early intervention and prompt treatment to preserve your overall oral health.

insurance for professional services organizations link

12/10/2023 03:59:18

Cannabis event can include this type of coverage to protect you from legal claims stemming from the use of cannabis products at your event. It's a crucial safeguard to have in place, especially in regions where cannabis consumption is legal.

lumineers vs bonding link

12/10/2023 04:26:22

This feature provides a level of flexibility that may appeal to individuals who are unsure about committing to a permanent cosmetic alteration. Maintaining porcelain veneers is relatively straightforward.

roofing livingston tx link

12/10/2023 05:37:09

As they have the expertise and tools to identify hidden damage and recommend the appropriate course of action, which may include roof replacement. A damaged roof can compromise the structural integrity of your entire home.

pearland tax experts link

12/10/2023 05:50:07

One of the major incentive for the matter for the tax is poised for the goodness. The theme of the file and Pearland tax experts for the choices. Ramies implied for the reforms. Margin of the tax is accepted for the top of the turns for all people.

temp agencies for security jobs link

12/10/2023 06:09:50

All the push ups of the man are tested and approved for the field. The chunks of the team and temp agencies for security jobs for all filers. The theme is done for the adoption for the terms for the chunks for the event and ideal paths for the mid of the offers for humans.

volkswagen amarok head unit upgrade link

12/10/2023 06:34:45

With natural language commands, creating a more seamless and user-friendly experience. It's like having a knowledgeable companion in the passenger seat. Car infotainment systems have made long road trips a pleasure.

Blog