Thursday 10 November 2016


What is "Dirty Cow" vulnerability in Linux?



If you are using an Android phone or a Linux operating system, read this very carefully. “Dirty COW” is a serious Linux kernel vulnerability that was recently discovered to have been lurking in the code for more than nine years. It is pretty much guaranteed that if you’re using any version of Linux or Android released in the past decade, you’re vulnerable.
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel.
CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the standard for information security vulnerability names.
This vulnerability was identified by Phil Oester.


Before looking at this vulnerability, we will try to understand atomic transactions.
In an atomic transaction the system keeps the initial state of the system until the particular action has completed. For that purpose it locks the particular resource until execution has completed.
But there is a flaw in this mechanism in Linux:
there is a race condition in its memory mapping.
A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly.
Linux uses the “Copy on Write” (COW) approach to reduce unnecessary duplication of memory objects. Let's understand this concept:
a = ‘COW’

b = a
Consider the syntax above, in which there are two different objects that reference the same memory location, namely that of variable a. There is no need to take up twice the amount of RAM for two identical values, so the RAM keeps the same memory location for both.
Next, the OS waits until the value of the duplicate object is actually modified:
b += ‘ Dirty’
The following steps are performed:
  1. allocate memory for the new, modified version of the object
  2. read the original contents of the object being duplicated (‘COW’)
  3. perform any required changes to it (append ‘ Dirty’)
  4. write modified contents into the newly allocated area of memory
Unfortunately, there is a race condition between step 2 and step 4 which tricks the memory mapper into writing the modified contents into the original memory range instead of the newly allocated area, so that instead of modifying memory belonging to "b" we end up modifying the value of "a".

How this will affect to your system:

In Linux, file permissions are either read-only or read-write.
For example, as a non-privileged user you should be able to read “/bin/bash” in order to start a shell session when you log in, but not write to it. Only a privileged user, that is “root”, should be able to modify this file; otherwise any malicious user could replace the bash binary with a modified version and create a backdoor to your system through which he can access it remotely.
The race condition allows the attacker to bypass these permissions by using the COW mechanism to modify the original read-only objects instead of their copies. In other words, a carefully crafted attack by an unprivileged user can indeed replace "/bin/bash" with a malicious version.
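To see the normal copy-on-write behaviour that Dirty COW subverts, here is an added example (not from the original post) that opens a file read-only, maps it MAP_PRIVATE, writes into the mapping and then checks that the file on disk is untouched. The scratch path and the "COW" / "Dirty COW" contents are constructed for the demo; the code exercises ordinary COW semantics only and does not attempt the race.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample values (hypothetical scratch file, not from the post). */
#define SAMPLE_PATH "/tmp/cow_demo.txt"
#define ORIGINAL    "COW"
#define MODIFIED    "Dirty COW"

/* Create the scratch file holding the original content ("a" in the post). */
int write_sample(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    int ok = write(fd, ORIGINAL, sizeof(ORIGINAL)) == (ssize_t)sizeof(ORIGINAL);
    close(fd);
    return ok ? 0 : -1;
}

/* Open read-only, map MAP_PRIVATE, write to the mapping ("b" in the post),
 * then read the file back through the descriptor.
 * Returns 1 if COW kept the file intact, 0 if the file changed, -1 on error. */
int cow_keeps_file_intact(const char *path, char *mapped_out, size_t out_len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    long pagesz = sysconf(_SC_PAGESIZE);
    /* PROT_WRITE on a private mapping of an O_RDONLY file is legal: the first
     * write must land in a private copy of the page, never in the file. */
    char *map = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    memcpy(map, MODIFIED, sizeof(MODIFIED));          /* modify the "copy" */
    if (mapped_out) snprintf(mapped_out, out_len, "%s", map);

    char disk[sizeof(MODIFIED)] = {0};
    ssize_t n = pread(fd, disk, sizeof(disk) - 1, 0); /* what the file holds */
    munmap(map, pagesz);
    close(fd);
    if (n < 0) return -1;
    return strcmp(disk, ORIGINAL) == 0 ? 1 : 0;
}

int main(void)
{
    char seen[sizeof(MODIFIED)] = {0};
    if (write_sample(SAMPLE_PATH) != 0) return 1;
    int intact = cow_keeps_file_intact(SAMPLE_PATH, seen, sizeof(seen));
    printf("mapping reads \"%s\"; file on disk %s\n", seen,
           intact == 1 ? "unchanged (COW worked)" : "MODIFIED or error");
    unlink(SAMPLE_PATH);
    return intact == 1 ? 0 : 1;
}
```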


The Solution:

The patch is available in the latest Linux kernel, so update your kernel.
For Android, which also uses the Linux kernel, there is no patch present yet; hopefully Google will fix this in the latest release of Android.



