steven36 Posted October 20, 2016

Offal bug found in Linux.

What is Dirty COW?

It's the name given to a newly discovered vulnerability in virtually all versions of the Linux operating system. More accurately it should be referred to as CVE-2016-5195 - but where is the fun in that?

But why Dirty COW?

According to the researchers who found the flaw, and created a website to share information about it:

Quote: "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

Essentially it means that - if the vulnerability is left unpatched - if a local user can read a file, they can also write to it. Ouch!

So this is a privilege escalation vulnerability, rather than a potentially more dangerous code execution vulnerability?

Right. But don't let that thought lure you into resting on your laurels, as researchers claim they have found an in-the-wild exploit using the vulnerability.

Okay. Is this a new vulnerability?

Umm.. unfortunately not. Although it has only recently been uncovered, it appears that the flaw has been present in the Linux kernel for going on nine years.

Sheesh.. isn't the whole point of open source software that it's available for anyone to review, find bugs, etc...? How come this wasn't spotted and fixed earlier?

Good question. Just earlier this week, research was published claiming that Linux bugs have a typical lifetime of approximately five years.

I run Red Hat / Debian / Ubuntu. Where can I find out more about what I should be doing?

That's easy. Red Hat on CVE-2016-5195. Debian on CVE-2016-5195. Ubuntu on CVE-2016-5195.

Anything else?

Be sure to check out the official Dirty COW website (yes, they have a website as well as a Twitter account, and the now obligatory vulnerability logo) at http://dirtycow.ninja/

Source: https://www.grahamcluley.com/dirty-cow-linux-vulnerability-need-know/
steven36 (Author) Posted October 21, 2016

What is so messed up about this bug: Linus Torvalds knew about this bug eleven years ago, and they fixed it once, but the patch came undone. The band-aid fell off. Mooooooo! The Zombie Cow came back to life.

Quote: Linus Torvalds <[email protected]>

mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix get_user_pages() race for write access") but that was then undone due to problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").

In the meantime, the s390 situation has long been fixed, and we can now fix it by checking the pte_dirty() bit properly (and do it better). The s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement software dirty bits") which made it into v3.9. Earlier kernels will have to look at the page state itself.

Also, the VM has become more scalable, and what used a purely theoretical race back then has become easier to trigger.

To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, we already did a COW" rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid.

Reported-and-tested-by: Phil "not Paul" Oester <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Reviewed-by: Michal Hocko <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Willy Tarreau <[email protected]>
Cc: Nick Piggin <[email protected]>
Cc: Greg Thelen <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

I already patched it on this system I'm on now with Linux Mint 17.3. I use LTS kernel 3.13, which gets updates till 2019. It's the only kernel where the open source drivers work right on my AMD hardware. I used newer ones before, but I had to use the closed source Catalyst to fix it; now I just use the open source ones.

https://launchpad.net/ubuntu/+source/linux/3.13.0-100.147

I wonder when Android will get this patch, 2020-2025?