Dirty Cow

Dirty Cow

Hey all,
Two years ago I’m sure you’ve all heard about ShellShock – a remote code execution exploit in bash that existed for about 25 yearsuntil discovered.
Three weeks ago a new vulnerability, known as Dirty Cow (or CVE-2016-5195 if you insist), was discovered.
This exploit allows local privilege escalation on almost all Linux distributions and kernels as the vulnerable code existed since 2007(from kernel version 2.6.22 and even 2.6.18 for some distributions).
While this is only a privilege escalation vulnerability, there are already reports of users gaining limited access to servers and using this vulnerability to escalate their privileges.
In fact, the exploit became public as a security researcher observed the exploit in a pcap file.
Organizations are kindly requested to upgrade their kernel version.
BTW,
This exploit can also be used to root your Android device (https://github.com/timwr/CVE-2016-5195)
Stay tuned for more updates.
Dan Gurfinkel
Head of Offensive Security & Response Unit
Comsec by HUB Security logo
We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide
immediate assistance 24/7

Calling from Israel?

+972 747047472

Calling from anywhere else?

+31202170634

Comsec by HUB Security logo

We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide immediate assistance 24/7

Skip to content