Linux “Dirty Pipe” New Vulnerability allows Local users to Gain Root Privileges

Hello Hacker,

Let’s read some Cybersecurity Blogs

Today we will learn about a new vulnerability named “Dirty Pipe”, which allows local users to gain root privileges just by running a program written in the “C” language.

Security researcher Max Kellermann reported this vulnerability to the Linux kernel developers and stated that it affects Linux kernel 5.8 and later versions, even on Android devices.

The vulnerability is tracked as CVE-2022-0847. It allows a non-privileged local user to inject and overwrite data in read-only files, including SUID programs that run as root, which finally gives a root shell.
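A defender-side check for the two facts stated above, added here as an example and not taken from the original post or from any exploit: it tests whether a kernel release falls in the reported affected range (5.8 and later) and flags set-uid files whose contents differ from a saved baseline. The function names and the baseline file format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# baseline file format ("sha256  path" per line) are assumptions.

# Exit 0 if a kernel release string is in the range the post reports as
# affected (5.8 and later), 1 if it is older, 2 if it cannot be parsed.
# Distributions backport fixes, so 0 means "check the vendor advisory".
kernel_in_reported_range() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    k_major=${1%%.*}                               # text before first dot
    k_minor=${1#*.}; k_minor=${k_minor%%[!0-9]*}   # digits after first dot
    case "$k_major" in *[!0-9]*) return 2 ;; esac
    [ -n "$k_minor" ] || return 2
    [ "$k_major" -gt 5 ] || { [ "$k_major" -eq 5 ] && [ "$k_minor" -ge 8 ]; }
}

# Print "sha256  path" for every set-uid regular file below directory $1.
suid_hashes() {
    find "$1" -xdev -type f -perm -4000 -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# Compare the set-uid files under directory $2 with baseline file $1.
# Prints each path that changed, appeared or disappeared; exit status is
# 0 when nothing differs, 1 when something does, 2 on setup failure.
suid_drift() {
    s_current=$(mktemp) || return 2
    suid_hashes "$2" > "$s_current"
    # Lines present on only one side belong to files that differ.
    s_drift=$(sort "$1" "$s_current" | uniq -u |
        sed 's/^[0-9a-f]\{64\}  //' | sort -u)
    rm -f "$s_current"
    [ -z "$s_drift" ] && return 0
    printf '%s\n' "$s_drift"
    return 1
}

# Report on the running kernel; this only reads `uname -r`.
if kernel_in_reported_range "$(uname -r)"; then
    echo "kernel $(uname -r): in reported range, confirm the vendor fix is installed"
else
    echo "kernel $(uname -r): outside the reported range or not parseable"
fi
```

Record the baseline with `suid_hashes` on a known-good system and store it somewhere the host itself cannot write, then run `suid_drift` against it on a schedule.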

The vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195), which was fixed in 2016.

LET’S EXPLOIT IT…

Before Exploitation:

The exploit mainly abuses the SUID (Set User Identification) permission: we simply need to download the “C” file, compile it, and run it with a file that has the SUID permission set.

Download the file, compile it (with the GCC compiler), and run it with a SUID-permission file (like /usr/bin/su).

After Exploit:

In the above image, you can clearly see how I was able to gain the root shell in just a few simple steps…

That’s all for today, it’s time to say BYE for now!!

Happy Hacking!!
