VTA-00409 – High Severity Privilege Escalation of Linux Kernel ‘Dirty Pipe’ On Major Distros
Linux recently gained another high-severity vulnerability that makes it easier for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.
The vulnerability, named ‘Dirty Pipe’, is tracked as CVE-2022-0847. It allows a non-privileged user to inject and overwrite data in read-only files, including SUID binaries that run as root. Other malicious actions enabled by Dirty Pipe include creating a cronjob that runs as a backdoor, adding a new user account to /etc/passwd and /etc/shadow (giving the new account root privileges), or modifying a script or binary used by a privileged service. The vulnerability was introduced in Linux kernel version 5.8 and affects later versions, including Android devices running those kernels.
Severity:
High
Attack Surfaces:
Endpoint OS
Tactics:
Execution, Privilege Escalation
Techniques:
User Execution, Exploitation for Privilege Escalation
Active Defense Tactics:
Detect, Disrupt
Active Defense Techniques:
Baseline, Security Controls, Software Manipulation
SuperPRO’s Threat Countermeasures Procedures:
1. Update the Linux kernel to version 5.16.11, 5.15.25, or 5.10.102 (whichever fixed release matches the kernel series in use).
2. Enable automatic updates so that software is always up to date.
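As an added example (not part of the advisory), the following POSIX shell function classifies a kernel version string against the range the advisory gives: affected from 5.8 onward, fixed in 5.16.11, 5.15.25 and 5.10.102. It is meant as a quick baseline check across a fleet before and after applying step 1. The function name `dirty_pipe_status` and the "unaffected / vulnerable / patched" labels are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a kernel version against
# the CVE-2022-0847 range (affected >= 5.8; fixed in 5.10.102, 5.15.25, 5.16.11).
# Caveat: distribution kernels (e.g. "5.15.0-xx-generic") backport fixes without
# bumping the upstream patch level, so a "vulnerable" result for a distro kernel
# must be confirmed against the distribution's own security advisory.

# Prints "unaffected", "vulnerable", "patched" or "unknown" for a version
# string such as "5.10.101" or "5.15.24-generic"; returns 1 when vulnerable.
dirty_pipe_status() {
    # Keep only the leading dotted numeric part, dropping "-generic", "+" etc.
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -s -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -s -d. -f3)
    minor=${minor:-0}
    patch=${patch:-0}

    if [ -z "$major" ]; then
        echo unknown
        return 2
    fi

    # Anything before 5.8 never contained the bug.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo unaffected
        return 0
    fi

    # 5.17 and every later major series were released after the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched
        return 0
    fi

    # Stable series with a fixed release (versions from the advisory).
    case "$minor" in
        10) fix=102 ;;
        15) fix=25 ;;
        16) fix=11 ;;
        *)
            # 5.8, 5.9 and 5.11-5.14 have no upstream fixed release.
            echo vulnerable
            return 1
            ;;
    esac

    if [ "$patch" -ge "$fix" ]; then
        echo patched
        return 0
    fi
    echo vulnerable
    return 1
}

# When run directly, report on the running kernel.
kernel=$(uname -r 2>/dev/null || true)
if [ -n "$kernel" ]; then
    printf 'running kernel %s: %s\n' "$kernel" "$(dirty_pipe_status "$kernel")"
fi
```

The comparison is purely on the upstream version number, which is exactly what step 1 of the procedure targets; for vendor kernels with backported fixes, treat a "vulnerable" result as a prompt to check the vendor changelog rather than as a final verdict.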
Contributed by: Jyao