Linux users at risk: A new exploit found in all distributions

A very dangerous new security flaw in Linux systems has been discovered • by Claudio Davide Ferrara • March 8, 2022

The security researcher Max Kellermann, Software Engineer for CM4all GmbH, recently published a security report which discloses the discovery of an important security flaw present in all major Linux distributions. This bug has been referred to as "Dirty Pipe" and allows local users to access administrator powers via an exploit that exploits a vulnerability in the "password" file present in the directory etc. According to the researcher, it is possible to overwrite this file and perform a privilege escalation without having to enter root user credentials. This security flaw has been classified as CVE-2022-0847. Fortunately, this is a locally only exploit. Therefore it is not possible to exploit this bug to take possession of the system remotely but it is necessary to have physical access to the target PC. As specified by Max Kellermann in his report, CVE-2022-0847 allows you to overwrite the data present in / etc / password even if they are in read-only mode, completely bypassing the SUID permissions or those system settings that allow the modification of a particular group of files only to its owner (who in this case is the root user). Max Kellermann discovered this bug after analyzing the log files of a web server that was presenting various problems. It seems that this flaw has been present since the 5.8 release of the Linux kernel, therefore it afflicts a huge pool of distributions. Also according to security researcher CVE-2022-0847 it is conceptually very similar to another exploit called Dirty COW, discovered in 2016 and classified as CVE-2016-5195. So developing a patch to fix the vulnerability shouldn't be very complex. In fact, security updates are coming, dedicated to solving this bug, for Linux versions 5.16.11, 5.15.25, and 5.10.102. However, there are thousands of web servers with older kernel builds on the net that are still vulnerable to this type of attack.