High Severity Privilege Escalation of Linux Kernel ‘Dirty Pipe’ On Major Distros

VTA-00409 – High Severity Privilege Escalation of Linux Kernel ‘Dirty Pipe’ On Major Distros


Linux recently gained another high-severity vulnerability that makes it easier for untrusted users to execute code capable of carrying out a range of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or applications.

The vulnerability, named ‘Dirty Pipe’, is tracked as CVE-2022-0847. It allows a non-privileged user to inject and overwrite data in read-only files, including SUID binaries that run as root. Other malicious actions enabled by Dirty Pipe include creating a cron job that runs as a backdoor, adding a new user account to /etc/passwd and /etc/shadow (giving the new account root privileges), and modifying a script or binary used by a privileged service. The bug was introduced in Linux kernel version 5.8 and is present in later versions, including on Android devices.

Severity:
High

Attack Surfaces:
Endpoint OS

Tactics:
Execution, Privilege Escalation

Techniques:
User Execution, Exploitation for Privilege Escalation

Active Defense Tactics:
Detect, Disrupt

Active Defense Techniques:
Baseline, Security Controls, Software Manipulation

SuperPRO’s Threat Countermeasures Procedures:
1. Update the Linux kernel to a fixed release: 5.16.11, 5.15.25, or 5.10.102, depending on which stable series is in use.
2. Enable automatic updates to ensure software is always kept up to date.
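The following script is an added example, not part of the original advisory, that turns the countermeasure above into a quick triage check: it parses a `uname -r` style release string and compares it against the fixed stable releases named on this page (5.10.102, 5.15.25, 5.16.11), with the bug treated as present from 5.8 onward. One assumption goes beyond the page: kernels at 5.17.0 or later are treated as fixed because the patch was merged upstream before that release. The function names and status strings are the author's own choices.

```python
"""Heuristic Dirty Pipe (CVE-2022-0847) kernel-version triage.

Added example: compares a kernel release string against the fixed
releases listed in the advisory. It only sees version numbers, so a
distribution kernel that backports the fix without bumping the upstream
patch level (e.g. a '5.15.0-NN-generic' build) will be reported as
vulnerable; confirm such cases against the distribution's own advisory.
"""
import platform
import re

# Upstream stable releases carrying the fix, as listed in the advisory.
FIXED_RELEASES = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
FIRST_AFFECTED = (5, 8, 0)        # bug introduced in 5.8 (from the advisory)
# Assumption (not stated on the page): the fix landed upstream before 5.17.0,
# so every 5.17+ kernel is treated as fixed.
FIXED_IN_MAINLINE = (5, 17, 0)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str) -> tuple:
    """Extract (major, minor, patch) from a release string such as
    '5.15.24-arch1-1' or '5.10.102'. A missing patch level counts as 0."""
    match = VERSION_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def dirty_pipe_status(release: str) -> str:
    """Classify a kernel release string.

    Returns one of:
      'not-affected'      older than 5.8, bug not present
      'fixed'             at or above a listed fixed release (or 5.17+)
      'vulnerable'        in a listed series but below its fixed release
      'unpatched-series'  5.8 through 5.14, no fixed release listed on the page
    """
    version = parse_kernel_version(release)
    if version < FIRST_AFFECTED:
        return "not-affected"
    if version >= FIXED_IN_MAINLINE:
        return "fixed"
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        # Series without a listed fix: flag for vendor-advisory review.
        return "unpatched-series"
    return "fixed" if version >= fixed else "vulnerable"


def check_running_kernel() -> tuple:
    """Return (release string, status) for the kernel this script runs on."""
    release = platform.release()
    return release, dirty_pipe_status(release)


if __name__ == "__main__":
    rel, status = check_running_kernel()
    print(f"kernel {rel}: {status}")
```

A report of `vulnerable` or `unpatched-series` means the host should be scheduled for the kernel update in step 1; a false positive on a backported distribution kernel errs on the safe side and is cheap to clear by checking the package changelog.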

Contributed by: Jyao
