
How to understand the CVE-2016-5195 Dirty COW vulnerability

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Today we look at how to understand the CVE-2016-5195 Dirty COW vulnerability, which many people may not understand well. To make it easier to follow, the editor has summarized the following points. I hope you get something out of this article.

CVE-2016-5195 Dirty COW vulnerability: a Linux kernel privilege escalation vulnerability affecting all versions

1 Vulnerability description

Vulnerability number: CVE-2016-5195

Vulnerability name: Dirty COW

Vulnerability impact: a low-privileged user can exploit this vulnerability to achieve local privilege escalation on all versions of Linux.

Scope of impact: Linux kernels >= 2.6.22 (released in 2007) are affected, and the vulnerability was not fixed until October 18, 2016.

Why is it called the Dirty COW vulnerability?

The memory subsystem of the Linux kernel contains a race condition in the way it handles copy-on-write (COW), which can break private read-only memory mappings. A low-privileged local user can exploit this vulnerability to gain write access to memory mappings that should be read-only, which may in turn lead to privilege escalation.
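The guarantee that this race breaks can be observed on any Linux system. The C program below is an added example, not code from the original article or from the kernel project; the scratch-file path and the function name are assumptions made for illustration. It maps a file opened read-only with a private mapping, writes to the mapping, and confirms that the file itself is unchanged, which is the isolation that CVE-2016-5195 violates.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for a file the user can only read. */
static const char ORIGINAL[] = "read-only file content";

/* Returns 1 if a write through a MAP_PRIVATE mapping stayed in the private
 * copy (file unchanged), 0 if the file changed, -1 on setup failure. */
int private_write_is_isolated(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* hypothetical scratch file */
    char readback[sizeof(ORIGINAL)] = {0};
    size_t len = sizeof(ORIGINAL) - 1;
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    ssize_t written = write(fd, ORIGINAL, len);
    close(fd);

    /* Reopen read-only: a private mapping may still be writable in memory. */
    int rfd = (written == (ssize_t)len) ? open(path, O_RDONLY) : -1;
    if (rfd >= 0) {
        char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, rfd, 0);
        if (map != MAP_FAILED) {
            memcpy(map, "MODIFIED", 8);  /* write fault: kernel copies the page */
            int seen = memcmp(map, "MODIFIED", 8) == 0;
            if (seen && pread(rfd, readback, len, 0) == (ssize_t)len)
                result = memcmp(readback, ORIGINAL, len) == 0;
            munmap(map, len);
        }
        close(rfd);
    }
    unlink(path);
    return result;
}

int main(void)
{
    int r = private_write_is_isolated();
    printf("file unchanged after private write: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO" : "setup error");
    return r == 1 ? 0 : 1;
}
```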

2 Vulnerability details

Vulnerability details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails

According to the Red Hat report, exploitation of this vulnerability has been found in the wild. But so far, we have no further information.

https://access.redhat.com/security/vulnerabilities/2706661

Commit messages:

Commit 4ceb5db9757aaeadcf8fbbf97d76bd42aa4df0d6

Author: Linus Torvalds

Date: Mon Aug 1 11:14:49 2005 -0700

Fixed get_user_pages() write access race condition

If an update comes from another thread that ends modifying the page table, handle_mm_fault() may end up requiring us to re-operate. handle_mm_fault() has always been able to destroy COW without real protection. This looks good, but it will be reread at the end of get_user_pages(), so that if get_user_pages() is rewritten all the time, you need the dirty bit setting, and the easiest way to solve the race condition is that if COW's break fails for some reason, we can continue to loop and keep trying.

Commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

Author: Linus Torvalds

Date: Thu Oct 13 20:07:36 2016 GMT

This is an old bug. I tried to fix it once seven years ago (commit 4ceb5db9757a), but rolled back due to some problems (commit f33ea7f404e5). This time, we tested the pte_dirty() bit.

3 Information about this vulnerability in various Linux distributions

Red Hat: https://access.redhat.com/security/cve/cve-2016-5195

Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195

Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

4 Scope of impact

This vulnerability has affected kernels since 2.6.22 (released in 2007) and was not fixed until October 18, 2016.

5 How to fix

The Linux team is actively fixing this vulnerability, which can be fixed by updating the system to the latest release. Software developers can also apply the fix from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 and recompile Linux to fix this vulnerability.
