Dirty Pipe Hits Linux in Latest Attack | Vulnerability Can Overwrite Data?

A notorious Linux vulnerability reportedly lets attackers inject malicious code into root processes. The high-risk flaw, dubbed "Dirty Pipe," allows attackers to overwrite data in files that are meant to be read-only.

It was first discovered on the platform back in 2016. Since then, cybersecurity researchers have been looking for a way to mitigate the attacks.

Dirty Pipe Linux Vulnerability


According to a report by Ars Technica, the newest vulnerability which affects Linux servers could be similar to Dirty Cow. It should be noted that researchers have been digging into the origins of this threat.

The vulnerability, tracked as CVE-2022-0847, has been found to affect Linux kernel 5.8 and later versions. It can also be exploited on Android devices.

For Linux users, the report wrote that there were fixes in specific Linux versions such as 5.16.11, 5.15.25, and 5.10.102.
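A triage check built on the version numbers above, as an added example that is not from the article or from Kellermann's report. The function names and status strings are hypothetical, and two assumptions go beyond the article: series newer than 5.16 are treated as carrying the fix, and vendor-suffixed builds are sent to the vendor advisory because backports make the base version number inconclusive.

```python
import re

# Values taken from the article: first affected series and the fixed releases it names.
FIRST_AFFECTED = (5, 8)
FIXED = {(5, 16): 11, (5, 15): 25, (5, 10): 102}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch, suffix)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch or 0), suffix


def classify(release):
    """Return 'fixed', 'vulnerable', 'not-affected' or 'check-vendor'."""
    major, minor, patch, suffix = parse_release(release)
    series = (major, minor)
    if series in FIXED and patch >= FIXED[series]:
        return "fixed"
    if series > max(FIXED):
        # Assumption (not stated in the article): series newer than 5.16
        # shipped with the fix; release candidates are left undecided.
        return "check-vendor" if "-rc" in suffix else "fixed"
    if suffix:
        # Assumption: vendor builds ("-91-generic", ".el8") backport patches,
        # so the base number alone is inconclusive either way.
        return "check-vendor"
    return "vulnerable" if series >= FIRST_AFFECTED else "not-affected"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for rel in ["5.7.19", "5.8.0", "5.10.101", "5.10.102", "5.15.0-91-generic",
                "5.16.11", "5.17.0-rc5", "6.1.0"]:
        print(f"{rel:22} {classify(rel)}")
```

Feed it the output of `uname -r` from each host; anything other than `fixed` or `not-affected` warrants a look at the distribution's advisory for CVE-2022-0847.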

According to Max Kellermann, a cybersecurity analyst who shared a detailed report about the Dirty Pipe vulnerability, the discovery of this threat began when he received a support ticket involving corrupt files. This took place last year.

He had been informed of several complaints about access to logs. One customer reported that the logs could not be decompressed. In response, Kellermann examined the issue that had occurred on the platform.

Next, he fixed the issue manually and closed the ticket. However, the attempt was not successful, since the problem only escalated and kept recurring.

Furthermore, he found that whenever the content of the files appeared to be corrected, an issue would appear again afterward. Kellermann continued to investigate this vulnerability and found a pattern that points to a "surprising kind of corruption."


Dirty Pipe Attackers Could Gain Access to Confidential Information

Kellermann explained in depth how this Linux security threat could be exploited. At first, he assumed that exploitation was only possible during the file writing process. He later concluded that Dirty Pipe can be exploited with arbitrary data.

The cybersecurity researcher disclosed some details regarding the Linux kernel patch on Feb. 20, according to SiliconANGLE. Three days ago, the team released the fixes for the platform. The fix for the Android kernel was revealed a day after.

"Exploitation of Dirty Pipe could allow attackers to take control of systems and destroy or exfiltrate sensitive data," Automox Inc.'s VP of Product Strategy Paul Zimski said in an interview with SiliconANGLE.

He added that stopping this vulnerability was crucial, citing the "highly-sensitive infrastructure" involving Linux.

Moreover, Zimski suggested that security administrators should attend to patching the vulnerability in the next 24 hours. Doing so would help them prevent further organizational risk.

Meanwhile, Tech Times shared a potential fix for the Linux VMs exposed to OMIGOD vulnerability.


This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.