Jump to content

Patched Your Linux Lately?


Razors Edge
 Share

Recommended Posts

I like that Dirty Pipe is a relative of the older (more difficult) Dirty Cow hack :)  Goofy name :P

As part of the Dirty Pipe disclosure, Kellerman released a proof-of-concept (PoC) exploit that allows local users to inject their own data into sensitive read-only files, removing restrictions or modifying configurations to provide greater access than they usually would have.

For example, security researcher Phith0n illustrated how they could use the exploit to modify the /etc/passwd file so that the root user does not have a password. Once this change is made, the non-privileged user could simply execute the 'su root' command to gain access to the root account.

However, an updated exploit by security researcher BLASTY was also publicly released today that makes it even easier to gain root privileges by patching the /usr/bin/su command to drop a root shell at /tmp/sh and then executing the script.

Once executed, the user gains root privileges, as demonstrated by BleepingComputer below in Ubuntu 20.04.3 LTS running the 5.13.0-27-generic kernel.

dirtypipe-poc.jpg

  • Awesome 1
Link to comment
Share on other sites

5 hours ago, Philander Seabury said:

Dammit Bucky!  @Further is right aboot you!

Hmm, my laptop rarely asks for patches but the older version on the desktop does regularly. Owl check this morning. 

So security by obscurity is over. Dangit. 

Hmmm. The newer Ubuntu is set to notify me daily yet it does snot. The older one does. Dangit. 

Usually the security folks find a flaw, notify developers of the flaw, wait for the patch, and the push folks to get the patch.  If you don't try to get the patch created and disseminated, the general assumption is that the Bad Guys already have it and are using it.  Ignorance (of users) is not bliss when it comes to dealing with hackers.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...