A serious flaw in the Linux platform allows sensitive operating system files to be altered, enabling the modification of data and, above all, of access controls for users of the operating system. The vulnerability is known as Dirty Pipe and affects all kernels from version 5.8 onward, which means the flaw is also present on Android phones.
Despite the severity of the flaw, only outdated systems are vulnerable. It was discovered by security expert Max Kellermann and is already patched in various Linux distributions and on Android, but it remains a danger, especially for companies whose servers run outdated versions of the software.
In the exploit linked to the CVE-2022-0847 vulnerability, an attacker is able to modify data or insert information into read-only files, including those in the root of the operating system. From there, it would be possible to inject different types of data or routines, especially those aimed at changing access controls or permissions, for example allowing users without administrative privileges to make deep changes.
Talk about 2 DirtyPipe POC (CVE-2022-0847)
Original POC: https://t.co/QBHYU6i33N is able to overwrite arbitrary file with offset like ./exp /etc/passwd 5 “:0:0:rootx”
Improved POC: https://t.co/qurmceoXI8 is able to overwrite a SUID program like ./exp /usr/bin/su
— Phith0n (@phithon_xg) March 7, 2022
A proof of concept presented by security researcher Phith0n, for example, demonstrated how Dirty Pipe could be used to modify the password store, erasing the credentials of a user with root access to the system. From there, an attacker without proper privileges could manipulate the account, run scripts, or perform other malicious actions.
The concern is that the flaw could be used to install ransomware and other malware, mainly because of the similarities between Dirty Pipe and an earlier flaw, Dirty COW, discovered and mitigated at the end of 2016. The idea is that similar methods can now be used by criminals, especially since proof-of-concept code and vulnerability details have been released to the public.
The flaw was disclosed to developers in February, and Linux kernel versions 5.10.102, 5.15.25, and 5.16.11 no longer allow exploitation. The same goes for the Android operating system. The recommendation now is a quick update for companies and institutions that use the platform, especially universities, cloud services, and hosting providers that allow users to access servers through the console.
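For administrators triaging hosts against the version numbers above, the following added example (not code from the article or from the kernel project) classifies a `uname -r` style release string. The function names are hypothetical, the thresholds are only the ones this article lists, and a distribution kernel may carry a backported fix under an older version number, so a "vulnerable" result should be confirmed against the vendor's advisory.

```python
import platform
import re

# Thresholds taken from the article: affected from 5.8 onward,
# fixed in these point releases of three stable branches.
FIRST_AFFECTED = (5, 8)
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
LAST_LISTED_BRANCH = max(FIXED)


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify a kernel release by upstream version number only.

    Returns "not-affected", "patched", "vulnerable" or "unknown".
    "unknown" covers unparsable strings and branches newer than the
    ones the article lists, for which it gives no data.
    """
    parsed = parse_release(release)
    if parsed is None:
        return "unknown"
    major, minor, patch = parsed
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch > LAST_LISTED_BRANCH:
        return "unknown"
    # Branch is 5.8 or later but has no fixed release listed in the article.
    return "vulnerable"


if __name__ == "__main__":
    rel = platform.release()  # same value as `uname -r` on Linux
    print(rel, classify(rel))
```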