dirtycow.ninja
2606:4700:3037::6815:26b7  Public Scan

URL: https://dirtycow.ninja/
Submission Tags: analytics-framework
Submission: On April 23 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content



CVE-2016-5195


Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux
Kernel



FAQ

WHAT IS THE CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities
and Exposures) is the Standard for Information Security Vulnerability Names
maintained by MITRE.

WHY IS IT CALLED THE DIRTY COW BUG?

"A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged local user could use this flaw to gain write access to otherwise
read-only memory mappings and thus increase their privileges on the system."
(RH)

WHAT MAKES THE DIRTY COW BUG UNIQUE?

In fact, all the boring normal bugs are _way_ more important, just because
there's a lot more of them. I don't think some spectacular security hole should
be glorified or cared about as being any more "special" than a random
spectacular crash due to bad locking.

ANYONE SHARING OR HAVE DETAILS ABOUT THE "IN THE WILD EXPLOIT"?

An exploit using this technique has been found in the wild from an HTTP packet
capture according to Phil Oester.

HOW DO I USE THIS DOCUMENT?

This FAQ provides answers to some of the most frequently asked questions
regarding the Dirty COW vulnerability. This is a living document and will be
updated regularly at https://dirtycow.ninja.

AM I AFFECTED BY THE BUG?

Nope.

CAN MY ANTIVIRUS DETECT OR BLOCK THIS ATTACK?

Although the attack can happen in different layers, antivirus signatures that
detect Dirty COW could be developed. Due to the attack complexity,
differentiating between legitimate use and attack cannot be done easily, but the
attack may be detected by comparing the size of the binary against the size of
the original binary. This implies that antivirus can be programmed to detect the
attack but not to block it unless binaries are blocked altogether.

IS THIS AN OPENSSL BUG?

No.

WHERE CAN I FIND MORE INFORMATION?

Red Hat. Debian. Ubuntu. SUSE.

HOW CAN LINUX BE FIXED?

Even though the actual code fix may appear trivial, the Linux team is the expert
in fixing it properly, so the fixed version or newer should be used. If this is
not possible, software developers can recompile Linux with the fix applied.

HOW DO I UNINSTALL LINUX?

Please follow these instructions.

CAN I DETECT IF SOMEONE HAS EXPLOITED THIS AGAINST ME?

Exploitation of this bug does not leave any trace of anything abnormal happening
in the logs.

HAS THIS BEEN EXPLOITED IN THE WILD?

Maybe. Maybe not. We don't know. The security community should deploy honeypots
that entrap attackers and alert about exploitation attempts.

WHO FOUND THE DIRTY COW VULNERABILITY?

Phil Oester

WHAT'S WITH THE STUPID (LOGO|WEBSITE|TWITTER|GITHUB ACCOUNT)?

It would have been fantastic to eschew this ridiculousness, because we all make
fun of branded vulnerabilities too, but this was not the right time to make that
stand. So we created a website, an online shop, a twitter account, and used a
logo that a professional designer created.

WHAT CAN BE DONE TO PREVENT THIS FROM HAPPENING IN FUTURE?

The security community, ourselves included, must learn to find these inevitable
human mistakes sooner. Please support the development effort of software you
trust your privacy to. Donate money to the FreeBSD project.

IS THERE A BRIGHT SIDE TO ALL THIS?

For those service providers who are affected, this is a good opportunity to
upgrade the security strength of the systems used. A lot of software gets
updates which otherwise would not have been urgent. Although this is painful for
the security community, we can rest assured that the infrastructure of the cyber
criminals and their secrets have been exposed as well.

Dirty COW is a community-maintained project for the bug otherwise known as
CVE-2016-5195. It is not associated with the Linux Foundation, nor with the
original discoverer of this vulnerability. If you would like to contribute, go
to GitHub.