CVE-2016-5195
In brief
A flaw in Linux lets someone with local access trick the system into writing to memory that should be read-only, allowing them to take control. This happens because the system does not correctly handle a protection called copy-on-write.
Technical detail
A race condition in mm/gup.c in the Linux kernel 2.x–4.x before 4.8.3 allows local privilege escalation by exploiting improper handling of the copy-on-write (COW) mechanism. An unprivileged user can write to read-only memory mappings by manipulating page references during concurrent accesses, resulting in kernel-level code execution.
Summary generated and translated by AI from the official description.
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 75
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.