CVE-2016-5195


CVSS 7 HIGH · EPSS 83.5% · KEV · CWE-362
In summary

A flaw in Linux lets someone with local access trick the system into writing to memory that should be read-only, allowing them to take control. This happens because the system does not correctly handle a protection called copy-on-write.

Technical detail

A race condition in mm/gup.c in the Linux kernel 2.x–4.x before version 4.8.3 allows local privilege escalation by exploiting improper handling of the copy-on-write (COW) mechanism. An unprivileged user can write to read-only memory mappings by exploiting page references in concurrent accesses, resulting in kernel-level code execution.

Summary generated and translated by AI from the official description.
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 75
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
