Linux distros patch 'Dirty Pipe' make-me-root kernel bug

2022-03-08 04:26

A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code.

Max Kellermann said he found the programming blunder and reported it to the kernel security team in February, which issued patches within a few days.

The bug can be abused to add or overwrite data in sensitive read-only files, such as removing the root password from /etc/passwd allowing anyone on the system to get superuser access.

"There were no blocks added in the last three days at all since the disclosure, and none because of any data leak post/tweet," a spokesperson told us on Monday.

Homomorphic encryption - which allows operations to be performed on encrypted data without having to decrypt and re-encrypt it - has been probed by academics at North Carolina State University, who now claim they have come up with a technique to snoop on data as it is being encrypted and fed into a system.

In effect, it's really just obtaining the data before it's even in the homomorphic system.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/08/in_brief_security/

#kernel #linux #patch #root

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		18	373	1439	1138	696	3646
Kernel		4	2	8	5	0	15

News URL

Related news

Related vendor