Article 5WVWM Linux has been bitten by its most high-severity vulnerability in years

Linux has been bitten by its most high-severity vulnerability in years

by
Dan Goodin
from Ars Technica - All content on (#5WVWM)
shark-0-1-800x711.jpeg

Enlarge (credit: Getty Images)

Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.

Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw (named Dirty Cow) came to light as it was being used to hack a researcher's server. Researchers in 2016 demonstrated how to exploit Dirty Cow to root any Android phone regardless of the mobile OS version. Eleven months later, researchers unearthed 1,200 Android apps in third-party markets that maliciously exploited the flaw to do just that.

When Nobody becomes all-powerful

The name Dirty Pipe is meant to both signal similarities to Dirty Cow and provide clues about the new vulnerability's origins. "Pipe" refers to a pipeline, a Linux mechanism for one OS process to send data to another process. In essence, a pipeline is two or more processes that are chained together so that the output text of one process (stdout) is passed directly as input (stdin) to the next one.

Read 19 remaining paragraphs | Comments

index?i=sYYlvMy4k2k:4mv_9bI5TI0:V_sGLiPB index?i=sYYlvMy4k2k:4mv_9bI5TI0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments