Linux has fallen victim to another highly serious privilege escalation vulnerability, following a recent succession of control group flaws that allowed threat actors to escape containers and execute arbitrary code. This new vulnerability weaponizes the piping mechanism in Linux and uses it to gain write access with root privileges.

It has been raising eyebrows throughout the Linux community and has been named as one of the most serious threats discovered in Linux since 2016.

What is Dirty Pipe in Linux?

The Dirty Pipe vulnerability in Linux allows non-privileged users to execute malicious code capable of many destructive actions, including installing backdoors into the system, injecting code into scripts, altering binaries used by elevated programs, and creating unauthorized user profiles.

This bug is being tracked as CVE-2022-0847 and has been called “Dirty Pipe” because of its similarity to Dirty Cow, an easily exploitable Linux vulnerability from 2016 that gave a bad actor the same level of privileges and powers.

How does Dirty Pipe work?

Dirty Pipe, as the name suggests, uses Linux’s pipe mechanism with malicious intent. Piping in Linux is an age-old mechanism that allows one process to inject data into another. The flaw allows local users to gain root privileges on any system using publicly available and easily developed exploits.

A pipe is a unidirectional inter-process communication method in which one process takes input from the previous one and produces output for the next in line.

Dirty Pipe takes advantage of this mechanism combined with the splice function to overwrite sensitive read-only files, for example /etc/passwd, which can be manipulated to get a root shell with no password.

While this process may seem sophisticated, what makes Dirty Pipe incredibly dangerous is that it is very easy to replicate.

Who is affected by the Dirty Pipe vulnerability?

Dirty Pipe’s attack surface extends to all Linux kernel versions from 5.8 to 5.16.11. In layman’s terms, this means that all distros, from Ubuntu to Arch and everything in between, are susceptible to being compromised by Dirty Pipe.

Affected Linux kernel versions range from 5.8 to 5.10.101.

Since this vulnerability sits deep in a fundamental piece of the Linux kernel, it can have ramifications all over the world. Its ease of exploitation and its scope make Dirty Pipe a major threat to all Linux maintainers.

As security updates roll out, researchers are alerting both businesses and independent users to patch their servers and systems.

How to fix the Dirty Pipe vulnerability, and are you safe?

If your system is susceptible to Dirty Pipe, the best course of action is to update it with the latest security updates. The vulnerability was first reported by Max Kellermann of CM4 around February 20, 2022, and a patch mitigating the threat on kernel versions 5.10.102, 5.15.25, and 5.16.11 was released by the Linux kernel security team on February 23, 2022.

Google played its part and fixed the flaw in Android a day later, on February 24, 2022. So, if you have kept your Linux machines up to date, you should be worry-free and secure.
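A version check built from the releases listed above, as an added example that is not part of the original article: it classifies a kernel release string against the 5.8 starting point and the patched releases 5.10.102, 5.15.25 and 5.16.11. It assumes upstream version numbering and treats branches newer than 5.16 as already fixed; distribution kernels that backport the patch without changing the upstream number are reported as vulnerable and should be confirmed against the vendor advisory. The function name dirty_pipe_status and the sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a kernel release string against the Dirty Pipe
# (CVE-2022-0847) version ranges quoted in the article.
# Assumption: the string follows upstream numbering (major.minor.patch).

dirty_pipe_status() {    # hypothetical helper name
    rel=${1:-$(uname -r)}
    ver=${rel%%[!0-9.]*}             # drop suffixes such as "-arch1-1"
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}

    # Kernels older than 5.8 are outside the affected range.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not_affected; return 0
    fi
    # Assumption: branches newer than 5.16 already include the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo fixed; return 0
    fi
    # First patched release per branch, as listed in the article.
    case $minor in
        10) first_fixed=102 ;;
        15) first_fixed=25 ;;
        16) first_fixed=11 ;;
        *)  echo vulnerable; return 0 ;;   # no patched release listed for this branch
    esac
    if [ "$patch" -ge "$first_fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample release strings, not taken from real hosts.
for r in 4.19.0-18-amd64 5.10.101 5.10.102 5.13.0-30-generic 5.16.11-arch1-1; do
    printf '%-20s %s\n' "$r" "$(dirty_pipe_status "$r")"
done
```

Called without an argument, the function checks the running kernel via `uname -r`.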

What is the future of Dirty Pipe?

According to Linux Server statistics, Linux is the operating system of choice for over 1 million web servers currently deployed and online. This should be enough to illustrate the scope of Dirty Pipe and how devastating it can be.

To add to this, as with Dirty Cow, there is no way to mitigate this other than updating your kernel. Therefore, web servers and systems running susceptible kernel versions are in for a world of trouble if they get hit by Dirty Pipe.

Given that there is a raft of exploits floating around the Internet, all system maintainers are advised to be on their toes at all times and be wary of anyone with local access until their systems are patched.
