Dirty COW flaw existed in Linux kernel for 9 years

Oct 20, 2016 18:25 GMT

The Linux kernel team has fixed a security flaw that was used in attacks against production servers. The zero-day's identifier is CVE-2016-5195, but you'll also find it referenced online as Dirty COW.

According to the official patch, released yesterday, the issue has existed in the Linux kernel since version 3.9, released in 2007.

There is no evidence that attackers exploited the flaw since 2007, but security researcher Phil Oester notified Red Hat of recent incidents where an attacker had deployed exploit code that leveraged this issue.

CVE-2016-5195 is a race condition in the Linux kernel

According to Red Hat, CVE-2016-5195 is a race condition in the way the "Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings."

A race condition is a computer science term for a situation in which tasks execute in an incorrect order, which often crashes applications or leaves the door open for executing further code.

As a result, CVE-2016-5195 made it possible for attackers to elevate their privileges on a targeted system, even to root level.

Dirty COW is a case of an intentionally overhyped security flaw

Outside of the fact that it was deployed in live attacks, the Dirty COW vulnerability isn't considered a danger for the Linux ecosystem, but that doesn't mean users should delay patching operations.

The security researchers who discovered the flaw chose to make fun of the security firms that overhype their findings. As such, they've created a Dirty COW logo, homepage, Twitter account, and an online shop where you can buy laptop bags for the small price of $17,100 (that's THOUSANDS).

Nevertheless, the danger is real. In an interview with V3, Oester revealed that one of the sites he was managing was compromised after an attacker uploaded and executed a weaponized exploit of CVE-2016-5195.

"As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years," Oester told the publication. "All Linux users need to take this bug very seriously, and patch their systems ASAP."

The idea is that all security flaws are important, not just those labeled as "critical."