The community has rediscovered a bug that allows you to take control of Linux with amazing ease.
There is no 100% secure system; that is something anyone with a minimum of security knowledge can tell you. After all, the people who write the programs are imperfect human beings.
This is even truer when we talk about projects with hundreds of thousands or millions of lines of code. Managing the code and deciding what to add and what to remove is no small task; on larger projects, it is easy for a bug to go unnoticed for years.
How the bug that allows you to take control of Linux works
CVE-2016-5195 is one such bug. It has been present in the Linux kernel since at least 2005, when its existence was first recorded. Worst of all, it is the most serious privilege escalation bug in its history.
Privilege escalation bugs are usually not as well known as code execution bugs. As the name suggests, a bug like this allows us to gradually take control of a system; for example, if we only have permission to read files, we can gain the rights to write and edit them.
The direct consequence of this bug is that an attacker can take control of our device; by gaining administrator or root privileges, they can do whatever they want with the system.
This is not just any privilege escalation bug; according to the first experts who have been able to test it, it is possible to take control of a Linux system in just five seconds. It would therefore be very difficult to detect the intrusion and do something about it in that time.
An 11-year-old bug
The bug can be exploited easily, especially if we have local access to the system; in addition, any website that allows users to upload files will be opening its doors wide to attackers.
The interesting thing is that we know all this because the kernel's creator himself, Linus Torvalds, already tried to fix it at the time. The bug affects the copy-on-write (COW) technique, which is why it has been called Dirty COW.
It is a curious story, to say the least. In 2005 Torvalds attempted to patch the vulnerability, but in a later update that patch was removed because it caused problems with another part of the kernel; all this without anyone realizing how important it was.
The true severity of a bug in the Linux kernel
Well, it's no big deal, right? A kernel patch has already been released and the bug can no longer be exploited, right? I wish it were that simple.
This is where the real danger of the bug lies: the vast majority of current Linux systems still have the bug, and will have it for a long time. Although the Linux kernel is patched, very few people download and compile it themselves.
The average user usually only updates their distro when it is time to; for example, until Canonical implements the new kernel and uploads it to the repositories, all Ubuntu installations are vulnerable to this bug.
The severity of the bug is accelerating the process, but no matter how well the community does, there will always be systems that are not updated. For example, Internet of Things devices that run Linux but are never updated.
These types of devices were at the center of a huge DDoS attack on DNS servers, which left a large number of websites disconnected; this bug will now facilitate future DDoS attacks.