
URL: https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/
Submission: On March 11 via api from US — Scanned from DE


NEW LINUX BUG GIVES ROOT ON ALL MAJOR DISTROS, EXPLOIT RELEASED

By LAWRENCE ABRAMS

 * March 7, 2022
 * 04:22 PM

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root
privileges through publicly available exploits.

Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe'
vulnerability and stated that it affects Linux Kernel 5.8 and later versions,
even on Android devices.

The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user
to inject and overwrite data in read-only files, including SUID processes that
run as root.




Kellermann discovered the vulnerability after tracking down a bug that was
corrupting web server access logs for one of his customers.

Kellermann states that the vulnerability is similar to the Dirty COW
vulnerability (CVE-2016-5195) fixed in 2016.


PUBLIC EXPLOITS GIVE ROOT PRIVILEGES 

As part of the Dirty Pipe disclosure, Kellermann released a proof-of-concept
(PoC) exploit that allows local users to inject their own data into sensitive
read-only files, removing restrictions or modifying configurations to provide
greater access than they usually would have.

For example, security researcher Phith0n illustrated how they could use the
exploit to modify the /etc/passwd file so that the root user does not have a
password. Once this change is made, the non-privileged user could simply execute
the 'su root' command to gain access to the root account.



However, an updated exploit by security researcher BLASTY was also publicly
released today that makes it even easier to gain root privileges by patching the
/usr/bin/su command to drop a root shell at /tmp/sh and then executing the
script.

Once executed, the user gains root privileges, as demonstrated by
BleepingComputer below in Ubuntu 20.04.3 LTS running the 5.13.0-27-generic
kernel.

Demonstration of the CVE-2022-0847 Dirty Pipe vulnerability
Source: BleepingComputer

The vulnerability was responsibly disclosed to various Linux maintainers
starting on February 20th, 2022, including the Linux kernel security team
and the Android Security Team.

While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102,
many servers continue to run outdated kernels, making the release of this
exploit a significant issue for server administrators.

Furthermore, due to the ease of gaining root privileges using these exploits, it
is only a matter of time before threat actors begin using the vulnerability when
conducting attacks. The similar Dirty COW vulnerability was previously used by
malware, even though it was harder to exploit.

This bug is especially concerning for web hosting providers who offer Linux
shell access or universities that commonly provide shell access to multi-user
Linux systems.

It has been a rough twelve months for Linux, with numerous high-profile
privilege elevation vulnerabilities disclosed.

These include privilege elevation vulnerabilities in the Linux iSCSI subsystem,
another kernel bug, the Extended Berkeley Packet Filter (eBPF), and Polkit's
pkexec component.


LAWRENCE ABRAMS

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com.
Lawrence's area of expertise includes Windows, malware removal, and computer
forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation,
Recovery, and Administration Field Guide and the technical editor for Rootkits
for Dummies.


COMMENTS

 * MRMAGOO2 - 1 DAY AGO
   
   Title incorrect. Does not affect rhel via this published attack vector.
