Linux vulnerability allows users to escalate privileges

25 October 2016

A Linux vulnerability that allows users to escalate their privileges, first spotted around 11 years ago, has again come to the fore.

The vulnerability allows any user to gain 'root' access to a Linux-based system, including web servers. Linus Torvalds, who created Linux, tried to patch the bug many years ago, but his fixes appear to have been patched out in subsequent updates, say commentators.

The bug, which has been dubbed Dirty COW (Copy On Write), is classified as a "race condition" vulnerability. Because it sits in the Linux kernel, it was present in almost every version of Linux, leaving every Linux installation vulnerable.

Phil Oester, a Linux security researcher, uncovered the vulnerability while analysing a server that had been hacked. He wrote in an email to Ars Technica, "Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff."

As Torvalds explained, the bug had been "purely theoretical" and could not be easily triggered, but recent advancements in VM (Virtual Machine) technologies may have made it possible to launch the attack today.

According to experts, it was now clear that the vulnerability posed a serious threat to Linux environments and that everything based on Linux was vulnerable, which includes most of the internet today.

The experts who officially maintain the Linux code had issued patches that addressed the issue, and users would do well to update their systems soon, according to commentators.
