Dirty Pipe: CVE-2022-0847 | Explanation and Manually Exploit Tutorial
#DirtyPipe #DirtyCow #PrivilegeEscalation

In March 2022, a researcher named Max Kellermann publicly disclosed a Linux kernel vulnerability (nicknamed "Dirty Pipe" for its similarities to the notorious "Dirty Cow" exploit affecting older versions of the kernel) that allowed attackers to overwrite arbitrary files on the operating system. The vulnerability was responsibly disclosed in early 2022 and was made public in a blog post written by Max Kellermann soon after patches were available. Arbitrary file overwrites at the kernel level can very easily be leveraged to escalate privileges on the machine (i.e. to obtain administrator, or "root", privileges). This is a devastating vulnerability, made more so by its reach: any device running a vulnerable version of the Linux kernel (including Android phones) is affected!

Overview

Due to their low-level nature, any in-depth discussion of kernel vulnerabilities quickly becomes rather complicated. As such, we will keep the information in this task relatively light, in the interest of keeping it easy to digest. If you would like to read an in-depth explanation of the vulnerability (including a full code analysis), you are highly encouraged to check out Max Kellermann's original blog post.

Before continuing with this task, it is important to note that Dirty Pipe has been fixed in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102, so if you use or manage any Linux (or Android) devices, make sure that they are running one of these versions or later!

Theory

In order to understand how Dirty Pipe works, we must first look at how the Linux kernel manages memory.

The Effects

So, what does this all mean? In short, it means that, with the right code, we can overwrite any file on the system, provided we can open it for reading. In other words: if our user has read access to the file (regardless of its other permissions or immutability flags), then we can also write to it.
Interestingly, this also applies to read-only file systems and to otherwise protected files that the kernel would usually stop us from writing to: by exploiting the kernel vulnerability and circumventing the "usual" write methods, we also bypass these protections. It's important to note that the changes will not actually be permanent until the kernel chooses to reclaim the memory used by the page (at which point the page gets dumped to the disk). Restarting the device or clearing the page cache manually before the kernel reclaims the memory will revert the file to its original contents.

Remediations

Fortunately, the remediation for this vulnerability is very simple: update your kernel. Patched versions of the Linux kernel have been released for the supported major kernel versions; specifically, the vulnerability has been patched in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102. Ensure that you apply updates to all of your Linux devices (including any Android devices) as soon as security patches are released.
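As an added example (not code from the original post), the following POSIX shell script turns the remediation advice above into a check: it classifies a kernel release string against the three fixed releases named on this page (5.16.11, 5.15.25, 5.10.102). The 5.8 lower bound and the 5.17 mainline fix are taken from Kellermann's write-up; the version parsing and the verdict names are this example's own assumptions, and it only understands upstream version numbers, so distribution backports are not detected.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the upstream
# releases that fix CVE-2022-0847 (Dirty Pipe). Fixed releases named on the
# page: 5.16.11, 5.15.25, 5.10.102. The bug was introduced in 5.8 and fixed
# in mainline 5.17 (per Kellermann's write-up).
# Caveat: distributions backport fixes, so a "vulnerable" verdict here means
# "check your vendor's advisory", not a confirmed exposure.

# Print "MAJOR MINOR PATCH" for strings such as "5.10.102-generic" or "5.16".
parse_version() {
    v=$(printf '%s' "$1" | sed 's/[-+].*//')   # drop "-generic", "+", etc.
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" = "$v" ] && rest=0.0             # no minor component
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0          # no patch component
    printf '%s %s %s\n' "$major" "$minor" "$patch"
}

# Print one of: not-affected, patched, vulnerable.
dirty_pipe_status() {
    set -- $(parse_version "$1")
    major=$1; minor=$2; patch=$3
    # Kernels before 5.8 predate the vulnerable code.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return
    fi
    # 5.17 and every later release carry the mainline fix.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched; return
    fi
    # Stable series with an in-series fix; other 5.8..5.16 series have none.
    case "$minor" in
        16) fixed=11 ;;
        15) fixed=25 ;;
        10) fixed=102 ;;
        *)  echo vulnerable; return ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Check the running kernel when executed directly.
dirty_pipe_status "$(uname -r)"
```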
Social Media
LinkedIn: https://linkedin.com/in/chandan-singh-ghodela
Twitter: https://twitter.com/chandanghodela
Instagram: https://instagram/chandan.ghodela