Attention users of this widely used open-sourced operating system. A critical vulnerability within its code has been recently discovered and this security flaw could potentially allow an attacker to take total control of a compromised computer.
This operating system powers supercomputers, servers, smartphones, smart TVs, cars, spaceships, entertainment systems and pocket computers. You name it, this system is probably involved with it one way or another. It is so well adopted that it totally surrounds us.
Named the Dirty Cow exploit, due to how the flaw affects the Copy-On-Write mechanism on the Linux kernel, the bug is said to have been affecting systems for about nine years now and according to the software vendor Red Hat, is currently being exploited in the wild. Since the bug resides within the Linux kernel, it affects every known flavor of the operating system, including RedHat's own distro, Ubuntu, Debian, and even Android on smartphones.
Since the Dirty Cow flaw is a "privilege-escalation" vulnerability, it can allow an application with embedded malicious code to gain total control of a Linux system by exploiting a race condition in the kernel's memory.
According to the official Dirty Cow information website:
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
Phil Oester, the security researcher credited for finding the flaw, stated that since this exploit is easy to execute, it is almost certainly already exploited in the wild and it will increasingly be probed as a weakness. Even Linus Torvalds, the man responsible for Linux, stated earlier that he was actually aware of the issue and tried to fix it 11 years ago but since it was hard to exploit back then, he ignored it. Fast forward to today, the Linux kernel has evolved so much that the flaw is now easily accessible.
Oester found the bug in 2007 while investigating an attack on one of the Linux servers he was managing. He successfully extracted the exploit by capturing its HTTP traffic and then tested it in a controlled "sandbox."
"These rolling packet captures have proved invaluable numerous times," he said. "I would recommend this extra security measure to all admins."
Protect your Linux system
Fortunately, the security flaw is already patched on major versions of Linux such as Ubuntu, Red Hat and Debian. If you have any of these flavors installed, please update immediately.
Android phones are also Linux powered so they are likewise affected by the flaw. Make sure to download security patches for your smartphone as soon as they are available.