  • aum


    Dirty Pipe: “Most serious” Linux privilege-escalation bug

     

    Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorised user accounts, and modifying scripts or binaries used by privileged services or apps.

     

    The vulnerability has been called Dirty Pipe and is the biggest hole disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw (named Dirty Cow) came to light as it was being used to hack a researcher's server.

     

    For those who can’t remember 2016, Dirty Cow could be used to root any Android phone, regardless of the mobile OS version. Eleven months later, researchers unearthed 1,200 Android apps in third-party markets that maliciously exploited the flaw to do just that.

     

    In Linux land a pipeline is two or more processes that are chained together so that the output text of one process (stdout) is passed directly as input (stdin) to the next one.

     

    Tracked as CVE-2022-0847, the vulnerability came to light when a researcher for website builder CM4all was troubleshooting a series of corrupted files that kept appearing on a customer's Linux machine. After months of analysis, the researcher finally found that the customer's corrupted files were the result of a bug in the Linux kernel.

     

    Max Kellermann of CM4all parent company Ionos figured out how to weaponise the vulnerability to allow anyone with an account to add an SSH key to the root user's account. With that, the untrusted user could remotely access the server with an SSH window that has full root privileges.

     

    Other researchers quickly showed that the unauthorised creation of an SSH key was only one of many malicious actions an attacker can take when exploiting the vulnerability. One program, for instance, hijacks an SUID binary to create a root shell, while another allows untrusted users to overwrite data in read-only files.

     

    Dirty Pipe can also be used to create a cron job that runs as a backdoor, add a new user account to /etc/passwd + /etc/shadow (giving the new account root privileges), or modify a script or binary used by a privileged service.

     

    The vulnerability first appeared in Linux kernel version 5.8, which was released in August 2020. The vulnerability persisted until last month, when it was fixed with the release of versions 5.16.11, 5.15.25, and 5.10.102.
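
    A version check built from the release numbers above, as an added example that is not part of the original article. The function name and its three result labels are assumptions made here. Treating 5.17 and later as fixed is also an assumption, since the article lists no release beyond 5.16.11.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the Dirty Pipe
# (CVE-2022-0847) version range given in the article.
# Usage: dirty_pipe_status "$(uname -r)"
# Prints: not-affected | affected | fixed   (or "unparseable", exit status 2)
# Caveat: distribution kernels often backport fixes without changing the
# upstream version number, so "affected" means "check the vendor advisory".
dirty_pipe_status() {
    # Keep only the leading numeric part: "5.15.0-91-generic" -> "5.15.0"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p')
    [ -n "$ver" ] || { echo "unparseable"; return 2; }

    # Split on dots into major, minor, patch
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}

    # Older than 5.8: the bug had not been introduced yet
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo "not-affected"; return 0
    fi

    # Assumption: releases after the 5.16 series already carry the fix
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo "fixed"; return 0
    fi

    # Fixed point releases named in the article, per stable branch
    case "$minor" in
        10) fixed_patch=102 ;;
        15) fixed_patch=25 ;;
        16) fixed_patch=11 ;;
        *)  echo "affected"; return 0 ;;  # 5.8 to 5.16 branch with no fix listed
    esac

    if [ "$patch" -ge "$fixed_patch" ]; then
        echo "fixed"
    else
        echo "affected"
    fi
}
```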

     

    Source

