
All You Need to Know About Dirty COW Vulnerability

Authored by Ameex Technologies on 11 Sep 2018

You may have heard the phrase "Dirty COW" over the last few days. Although most have associated the term with the animal, it actually refers to a major vulnerability found at the heart of the Linux operating system. We initially thought this was a new bug that had recently surfaced, but that doesn't seem to be so. Dirty COW existed undetected in the Linux kernel for 9 years until it was discovered recently by researcher Phil Oester. That shows how critical it is, since the kernel is the central module of the operating system (OS).

What is Dirty COW?

Let's dig a little deeper into what Dirty COW is. Dirty COW, officially known as "CVE-2016-5195", is a privilege escalation vulnerability found in the Linux kernel. It is defined as a race condition "found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings".

In layman's terms:
Any unprivileged user can use this loophole to gain write access where they would normally have read-only access, and thereby increase their privileges on the system without anyone else knowing.
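The copy-on-write rule that the definition above refers to, as an added example (not from the original article): on a correctly behaving kernel, a write to a private mapping of a file opened read-only goes to a private page copy and never reaches the file. The function name and the temporary file path are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1: COW upheld (shared write mapping refused, private write stayed private,
 * file unchanged); 0: invariant violated; -1: setup error. */
int cow_invariant_holds(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";      /* constructed sample file */
    const char original[] = "read-only content";
    char on_disk[sizeof original] = {0};
    char *shared, *priv;
    int ok = -1, shared_refused, copy_changed;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) goto out;
    fchmod(fd, 0444);
    close(fd);
    fd = open(path, O_RDONLY);                 /* read-only handle, as an unprivileged user gets */
    if (fd < 0) goto out;
    /* A shared writable mapping would write through to the file: refused. */
    shared = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    shared_refused = (shared == MAP_FAILED);
    if (!shared_refused) munmap(shared, sizeof original);
    /* A private writable mapping is allowed; the first write triggers COW. */
    priv = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (priv == MAP_FAILED) goto out;
    memcpy(priv, "MODIFIED", 8);               /* lands in a private page copy */
    copy_changed = (memcmp(priv, "MODIFIED", 8) == 0);
    munmap(priv, sizeof original);
    if (pread(fd, on_disk, sizeof on_disk, 0) != (ssize_t)sizeof on_disk) goto out;
    ok = shared_refused && copy_changed && memcmp(on_disk, original, sizeof original) == 0;
out:
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    int r = cow_invariant_holds();
    printf("COW invariant: %s\n", r == 1 ? "holds" : r == 0 ? "VIOLATED" : "setup error");
    return r != 1;
}
```

A passing result shows normal copy-on-write behaviour only; it does not tell you whether the running kernel carries the fix for CVE-2016-5195.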

What's the impact?

The damaging effect of this vulnerability is that anyone with access to the system can gain root-level access to the server and modify any file on the server or computer.
Another troubling element is that the vulnerability cannot be detected by any antivirus or security software. Once it has been exploited, there is no evidence of what actions were taken.

In short, the impact is high, especially since this has existed in Linux systems for a whopping 9 years.
If you are running the latest version of the Linux kernel, you probably don't have much to worry about, since the vendor has already applied the patch that fixes the issue. If you are not on the latest version, you may need to be worried. This is not restricted to servers and computers; it also applies to smartphones that run on the Android platform.

Steps to be taken

Having read about the impact of Dirty COW, we know there are some immediate steps that need to be taken. We've listed them below to help you stay safe from the exposed risks:

  • Update all Linux systems/computers to the latest version
  • Update all Android phones to the latest version
  • Install the patch for the vulnerability if you can't update

In some cases, if you are unable to update or install the patch, it is advisable to move quickly to a new Linux OS. Not sure what to do? Talk to our team today! We can help you move seamlessly to the latest version of the kernel. Not to mention, we can help keep the kernel updated so you stay safe & secure.