Security News > 2022 > March > New Linux bug gives root on all major distros, exploit released
A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.
Security researcher Phith0n illustrated how they could use the exploit to modify the /etc/passwd file so that the root user does not have a password.
An updated exploit publicly released today makes it even easier to gain root privileges by patching the /usr/bin/su command to drop a root shell at /tmp/sh and then executing the script.
The vulnerability was responsibly disclosed to various Linux maintainers starting on February 20th, 2022, including the Linux kernel security team and the Android Security Team.
While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to run outdated kernels making the release of this exploit a significant issue to server administrators.
This bug is especially concerning for web hosting providers who offer Linux shell access or universities that commonly provide shell access to multi-user Linux systems.